Openfire / OF-1874

XSS on LDAP Server Settings page

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.2
    • Component/s: None
    • Environment:
      Windows Server 2016

      Description

      LDAP Settings page (/ldap-server.jsp) is susceptible to XSS - a <script> tag entered into the BaseDN setting here will be rendered on Server Settings → Profile Settings (/profile-settings.jsp)
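
      The stored-then-rendered flow in this report, as an added Java example that is not part of the original issue or Openfire's own code: a saved configuration value is written into a page without and with HTML output encoding. The class name, method names, table-cell markup and sample base DN values are assumptions made for illustration.

```java
// Added illustration; class and method names are hypothetical, not Openfire code.
public class BaseDnEncodingExample {

    // Encode the five characters that are significant in HTML element text
    // and in quoted attribute values.
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-in for a summary row: the stored value is concatenated as-is,
    // so any markup it contains becomes part of the page.
    static String renderUnescaped(String baseDn) {
        return "<td>" + baseDn + "</td>";
    }

    // Same row with the stored value encoded at output time.
    static String renderEscaped(String baseDn) {
        return "<td>" + escapeHtml(baseDn) + "</td>";
    }

    public static void main(String[] args) {
        // Constructed sample values: a normal base DN and one carrying markup.
        String[] stored = { "dc=example,dc=org", "dc=example<script>alert(1)</script>" };
        for (String baseDn : stored) {
            System.out.println("raw:     " + renderUnescaped(baseDn));
            System.out.println("encoded: " + renderEscaped(baseDn));
        }
    }
}
```

      Encoding belongs at the point of output on every page that displays the stored value, not only on the form where it was entered. In a JSP, the JSTL `<c:out>` tag applies equivalent encoding by default.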

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            danc_surevine Dan Caseley
            Votes: 0
            Watchers: 2
