Project

General

Profile

Bug #22042

CVE-2017-12175 - XSS in discovery rule filter autocomplete functionality

Added by Daniel Lobato Garcia over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Discovery plugin
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Jan Hutaƙ of Red Hat reports:

There is a XSS possible in discovery rule when you are entering filter and you use autocomplete functionality

bug #22042 resolved.png View bug #22042 resolved.png 144 KB Ido Kanner, 04/17/2018 10:59 AM
Bug%20%2322042%20resolved

History

#1 Updated by Daniel Lobato Garcia over 2 years ago

  • Category set to Discovery plugin
  • Subject changed from CVE-2017-12175 - XSS in discovery rule filter autocomplete functionality to CVE-2017-12175 - XSS in discovery rule filter autocomplete functionality

#2 Updated by Ido Kanner about 2 years ago

  • Assignee set to Ido Kanner

#3 Updated by Ido Kanner about 2 years ago

I have tested it, and it looks like it was resolved

#4 Updated by Lukas Zapletal about 2 years ago

Thanks, I wonder which core patch fixed this, we need to know.

Also available in: Atom PDF