You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2016/04/26 16:28:12 UTC
[jira] [Commented] (OPENMEETINGS-1379) XSS in Chat window leading
to DOS
[ https://issues.apache.org/jira/browse/OPENMEETINGS-1379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15258166#comment-15258166 ]
Maxim Solodovnik commented on OPENMEETINGS-1379:
------------------------------------------------
"><img src=f onerror=alert("Welcome To Open Meeting") />
<img src="f" onerror="alert(Welcome)">
"><img src=f onerror=alert(9) /><div><br></div>
> XSS in Chat window leading to DOS
> ---------------------------------
>
> Key: OPENMEETINGS-1379
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1379
> Project: Openmeetings
> Issue Type: Bug
> Components: UI
> Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.1.0, 3.1.1, 3.1.2
> Reporter: Subho Halder
> Assignee: SebastianWagner
> Priority: Critical
> Labels: security
>
> The chat window can execute XSS payloads, thus one can infect all the users who have joined the room/meeting. The XSS is persistent and that can lead to Denial of Service.
> A simple popup which alerts 9 can make it hard for other user to use it.
> One can check the POC by trying to log-in at the demo server provided: https://om.alteametasoft.com/openmeetings/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)