Bug #8000

closed

XSS on index.php via widget sequence parameters

Added by Jim Pingle about 7 years ago. Updated about 7 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Dashboard
Target version:
Start date: 10/24/2017
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.x
Affected Architecture: All

Description

The widget 'sequence' parameter does not perform sanity checking on the widget instance counter, leading to an XSS: the unchecked value is echoed back to the user directly.

To test, edit the config and add this to the widget sequence tag:

,log:col2:open:next22611;alert(1)//139

Only affects 2.4.x
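As an added illustration of the missing check, not the project's own code: a small Python model of a widget sequence parser that validates every field and rejects any instance counter that is not a plain integer, run against the report's test string as constructed input. The entry format (name:column:state:instance), the field names and the accepted state values are assumptions made for this example.

```python
import html
import re

# Constructed model of a dashboard widget sequence: comma-separated entries
# of the form name:column:state:instance. The format, field names and state
# values are assumptions for this example, not the project's own parser.
WIDGET_RE = re.compile(r'^[a-z0-9_]+$')
COLUMN_RE = re.compile(r'^col[0-9]+$')
STATES = {'open', 'close'}            # assumed set of display states
INSTANCE_RE = re.compile(r'^[0-9]+$')  # the counter must be a plain integer


def parse_widget_entry(entry):
    """Return (name, column, state, instance) or None if any field is invalid."""
    parts = entry.split(':')
    if len(parts) != 4:
        return None
    name, column, state, instance = parts
    if not WIDGET_RE.match(name) or not COLUMN_RE.match(column):
        return None
    # This is the check the report describes as missing: anything other than
    # digits in the instance counter (e.g. ';alert(1)//') is rejected outright.
    if state not in STATES or not INSTANCE_RE.match(instance):
        return None
    return (name, column, state, int(instance))


def parse_widget_sequence(sequence):
    """Split a sequence string into validated entries, dropping malformed ones."""
    entries = []
    for raw in sequence.split(','):
        raw = raw.strip()
        if not raw:
            continue
        parsed = parse_widget_entry(raw)
        if parsed is not None:
            entries.append(parsed)
    return entries


def render_widget_id(name, instance):
    """Build the id that is echoed into the page; escaping is defence in depth."""
    return html.escape(f'{name}-{instance}', quote=True)


# Constructed sequence: one well-formed entry followed by the report's payload.
CONSTRUCTED_SEQUENCE = (
    'system_information:col1:open:0,'
    'log:col2:open:next22611;alert(1)//139'
)
```

With the check in place the second entry is dropped before anything is rendered, so the counter can no longer carry script into the page.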
