Project

General

Profile

Actions

Bug #5201

closed

Stored XSS on authentication services

Added by Fernando Munoz about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
Start date:
09/24/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

To reproduce the cross-site scripting:

1. Go to https://localhost:9090/system_authservers.php?act=new

- on field Descriptive name:  "></option></select><img src=x onerror=alert(1)>
- fill other required fields
- save

2. Go to https://localhost:9090/diag_authentication.php

Alert appears


Files

XSS2.png (93.6 KB) XSS2.png Fernando Munoz, 09/24/2015 10:27 AM
XSS1.png (110 KB) XSS1.png Fernando Munoz, 09/24/2015 10:28 AM
Actions

Also available in: Atom PDF