Bug #5201

closed

Stored XSS on authentication services

Added by Fernando Munoz over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Web Interface
Target version:
Start date: 09/24/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

To reproduce the cross-site scripting:

1. Go to https://localhost:9090/system_authservers.php?act=new

- on field Descriptive name:  "></option></select><img src=x onerror=alert(1)>
- fill other required fields
- save

2. Go to https://localhost:9090/diag_authentication.php

Alert appears


Files

XSS2.png (93.6 KB) XSS2.png Fernando Munoz, 09/24/2015 10:27 AM
XSS1.png (110 KB) XSS1.png Fernando Munoz, 09/24/2015 10:28 AM
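
The payload in the report begins with `"></option></select>`, which indicates the stored Descriptive name is written unencoded into an `<option>` inside a `<select>` when the second page is rendered. The PHP below is an added example, not pfSense code: the function names, the `authserver` field name and the array layout are assumptions, and the second entry reuses the value from the report as constructed sample data. It shows the unencoded rendering next to a version that encodes at output time.

```php
<?php
// Constructed sample data: stored authentication server entries.
// The second name is the value used in the report above.
$servers = [
    ['name' => 'Local Database'],
    ['name' => '"></option></select><img src=x onerror=alert(1)>'],
];

// Unencoded rendering (assumed pattern, for illustration only): the stored
// name is copied into an attribute value and into element content as-is,
// so a double quote ends the attribute and the rest is parsed as markup.
function render_select_unencoded(array $servers): string
{
    $html = '<select name="authserver">';
    foreach ($servers as $s) {
        $html .= '<option value="' . $s['name'] . '">' . $s['name'] . '</option>';
    }
    return $html . '</select>';
}

// Encoded rendering: every stored value passes through htmlspecialchars()
// at the point of output. ENT_QUOTES covers both quote styles, so the value
// stays inside the attribute and inside the option text.
function render_select_encoded(array $servers): string
{
    $html = '<select name="authserver">';
    foreach ($servers as $s) {
        $name = htmlspecialchars($s['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<option value="' . $name . '">' . $name . '</option>';
    }
    return $html . '</select>';
}

// True when the rendered HTML contains an <img> tag that came from data.
function contains_injected_tag(string $html): bool
{
    return stripos($html, '<img') !== false;
}

$unencoded = render_select_unencoded($servers);
$encoded   = render_select_encoded($servers);

echo 'unencoded output carries a live tag: ';
var_dump(contains_injected_tag($unencoded));
echo 'encoded output carries a live tag:   ';
var_dump(contains_injected_tag($encoded));
echo $encoded, PHP_EOL;
```

Encoding belongs on every page that prints the stored name, since the value is saved on one page and rendered on another.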