You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2016/04/26 16:29:12 UTC
[jira] [Updated] (OPENMEETINGS-1379) XSS in Chat window leading to
DOS
[ https://issues.apache.org/jira/browse/OPENMEETINGS-1379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Solodovnik updated OPENMEETINGS-1379:
-------------------------------------------
Assignee: Maxim Solodovnik (was: SebastianWagner)
Priority: Blocker (was: Critical)
Fix Version/s: 4.0.0
3.2.0
3.1.2
> XSS in Chat window leading to DOS
> ---------------------------------
>
> Key: OPENMEETINGS-1379
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1379
> Project: Openmeetings
> Issue Type: Bug
> Components: UI
> Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.1.0, 3.1.1, 3.1.2
> Reporter: Subho Halder
> Assignee: Maxim Solodovnik
> Priority: Blocker
> Labels: security
> Fix For: 3.1.2, 3.2.0, 4.0.0
>
>
> The chat window can execute XSS payloads, thus one can infect all the users who have joined the room/meeting. The XSS is persistent and that can lead to Denial of Service.
> A simple popup which alerts 9 can make it hard for other user to use it.
> One can check the POC by trying to log-in at the demo server provided: https://om.alteametasoft.com/openmeetings/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)