Bug #25182
CVE-2018-16887 - XSS on Subscription/Repositories pages
Difficulty:
Triaged: Yes
Bugzilla link: 1662179
Pull request: https://github.com/Katello/katello/pull/7757
Description
How to reproduce:
1. Create org with <b> org </b> name
2. Pick Any org on the masthead
3. Go to Subscription page
4. Choose the <b> org </b> organization from the selector
5. Once the page loads, check out the org selector in top left, it's bold
Related issues
Associated revisions
History
#1
Updated by The Foreman Bot over 4 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello/pull/7757 added
#2
Updated by Amir Fefer over 4 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello|17451c950201bedec9bdd3748e17863b550a6be2.
#3
Updated by Michael Johnson over 4 years ago
- Target version set to Katello 3.9.0
#4
Updated by Michael Johnson over 4 years ago
- Triaged changed from No to Yes
#5
Updated by Tomer Brisker about 4 years ago
- Bugzilla link set to 1662179
#6
Updated by Tomer Brisker about 4 years ago
- Related to Bug #22568: RH repos XUI: page crashes when in Any context added
#7
Updated by Tomer Brisker about 4 years ago
- Subject changed from XSS on Subscription/Repositories pages to CVE-2018-16887 - XSS on Subscription/Repositories pages
- Found in Releases Katello 3.7.1 added
Fixes #25182 - fix xss on react pages