You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Jacob Janco (JIRA)" <ji...@apache.org> on 2017/01/18 23:35:26 UTC
[jira] [Commented] (MESOS-6947) Fix pailer XSS vulnerability
[ https://issues.apache.org/jira/browse/MESOS-6947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15828978#comment-15828978 ]
Jacob Janco commented on MESOS-6947:
------------------------------------
https://reviews.apache.org/r/55691
> Fix pailer XSS vulnerability
> ----------------------------
>
> Key: MESOS-6947
> URL: https://issues.apache.org/jira/browse/MESOS-6947
> Project: Mesos
> Issue Type: Improvement
> Components: webui
> Reporter: Jacob Janco
> Assignee: Jacob Janco
>
> There exists a XSS vulnerability in pailer.html.
> `window.name` can be set to an external domain serving js which is wrapped in `<script>` tags by the `getJSON` async call. A detailed example will follow acceptance of the patch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)