You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Jacob Janco (JIRA)" <ji...@apache.org> on 2017/01/18 23:35:26 UTC

[jira] [Created] (MESOS-6947) Fix pailer XSS vulnerability

Jacob Janco created MESOS-6947:
----------------------------------

             Summary: Fix pailer XSS vulnerability
                 Key: MESOS-6947
                 URL: https://issues.apache.org/jira/browse/MESOS-6947
             Project: Mesos
          Issue Type: Improvement
          Components: webui
            Reporter: Jacob Janco
            Assignee: Jacob Janco


There exists a XSS vulnerability in pailer.html.

`window.name` can be set to an external domain serving js which is wrapped in `<script>` tags by the `getJSON` async call. A detailed example will follow acceptance of the patch. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)