You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2016/04/26 16:29:12 UTC

[jira] [Updated] (OPENMEETINGS-1379) XSS in Chat window leading to DOS

     [ https://issues.apache.org/jira/browse/OPENMEETINGS-1379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maxim Solodovnik updated OPENMEETINGS-1379:
-------------------------------------------
         Assignee: Maxim Solodovnik  (was: SebastianWagner)
         Priority: Blocker  (was: Critical)
    Fix Version/s: 4.0.0
                   3.2.0
                   3.1.2

> XSS in Chat window leading to DOS
> ---------------------------------
>
>                 Key: OPENMEETINGS-1379
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1379
>             Project: Openmeetings
>          Issue Type: Bug
>          Components: UI
>    Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.1.0, 3.1.1, 3.1.2
>            Reporter: Subho Halder
>            Assignee: Maxim Solodovnik
>            Priority: Blocker
>              Labels: security
>             Fix For: 3.1.2, 3.2.0, 4.0.0
>
>
> The chat window can execute XSS payloads, thus one can infect all the users who have joined the room/meeting. The XSS is persistent and that can lead to Denial of Service.
> A simple popup which alerts 9 can make it hard for other user to use it.
> One can check the POC by trying to log-in at the demo server provided: https://om.alteametasoft.com/openmeetings/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)