Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-1300

XSS: possibility to enter code in pagination

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3 Larks
    • Fix Version/s: 1.4 Larks
    • Labels:
      None
    • Sprint:
      1.3 Larks, 1.4 Larks

      Description

      Steps to reproduce:
      1. Go to http://uat.jtalks.org/jcommune/search/?searchText=%3CMETA+HTTP-EQUIV%3D%27Refresh%27+content+%3D%270%3B+URL%3Dhttp%3A%2F%2Fya.ru%27%3E

      Actual Result: Code is shown in pagination
      Expected result: there is page numbers in pagination field

        Attachments

          Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. QASANDBOX-22 Результат поиска. Часть кода вместо номера страницы

          • Major - Major loss of function.
          • Open
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JC-1334 Error 404 is shown in case there is / or \ in search query

          • Major - Major loss of function.
          • Open

            Structure

              Activity

                People

                • Assignee:
                  julik Julia Atlygina
                  Reporter:
                  galina Galina
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 0h
                    0h
                    Remaining:
                    Remaining Estimate - 0h
                    0h
                    Logged:
                    Time Spent - 6h
                    6h

                      Structure Helper Panel