You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "Francesco Chicchiriccò (Jira)" <ji...@apache.org> on 2019/11/26 07:51:00 UTC
[jira] [Deleted] (SYNCOPE-1516) XSS vulnerability (successmessage
field)
[ https://issues.apache.org/jira/browse/SYNCOPE-1516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò deleted SYNCOPE-1516:
--------------------------------------------
> XSS vulnerability (successmessage field)
> ----------------------------------------
>
> Key: SYNCOPE-1516
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1516
> Project: Syncope
> Issue Type: Bug
> Environment: ubuntu 5.0.0-36-generic #39~18.04.1-ubuntu
> (syncope-standalone-2.1.5-distribution.zip)
> Reporter: songmingxuan
> Priority: Major
> Labels: XSS
>
> Here's how XSS works and the URL
> ——————————
> http://*.*.*.*:9080/syncope-enduser/app/#!/self?successMessage=<script>alert(11)</script>
> http://*.*.*.*:9080/syncope-enduser/?successMessage=<script>alert(11)</script>
> ——————————
>
> See attached documents for details :syncope_xss.docx
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)