You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Jacob Janco (JIRA)" <ji...@apache.org> on 2017/01/18 23:35:26 UTC
[jira] [Created] (MESOS-6947) Fix pailer XSS vulnerability
Jacob Janco created MESOS-6947:
----------------------------------
Summary: Fix pailer XSS vulnerability
Key: MESOS-6947
URL: https://issues.apache.org/jira/browse/MESOS-6947
Project: Mesos
Issue Type: Improvement
Components: webui
Reporter: Jacob Janco
Assignee: Jacob Janco
There exists a XSS vulnerability in pailer.html.
`window.name` can be set to an external domain serving js which is wrapped in `<script>` tags by the `getJSON` async call. A detailed example will follow acceptance of the patch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)