
      Description

      The following parameters were identified (by @SimonWaters, Surevine - 5th Aug 2014) as being vulnerable to reflected XSS (Cross Site Scripting):

      • /dwr/exec/downloader.updatePluginsList.dwr [c0-id parameter]
      • /external-components-settings.jsp [secret parameter]
      • /external-components-settings.jsp [subdomain parameter]
      • /group-summary.jsp [search parameter]
      • /server2server-settings.jsp [remotePort parameter]
      • /setup/setup-admin-settings.jsp [email parameter]
      • /setup/setup-admin-settings.jsp [newPassword parameter]
      • /setup/setup-admin-settings.jsp [newPasswordConfirm parameter]
      • /setup/setup-admin-settings.jsp [password parameter]

      This ticket was originally a collection of issues raised, but has been updated to focus only on reflected XSS (high priority) issues.

              People

              Assignee:
              dwd Dave Cridland
              Reporter:
              dwd Dave Cridland