JCommuneIcon indicating the project type

JCommune

Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-1791

XSS vulnerability at login page

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 2.5 Larks
    • Fix Version/s: 2.6 Larks
    • Labels:
    • Sprint:
      2.6 Larks

      Description

      Preconditions: Open http://qa.jtalks.org/jcommune/login

      1. In username field enter "><script>alert("hi")</script>
      2. Enter 123456 in password field
      3. Press Sign in/Войти/Увiйти

      Actual result: alert window pops-up
      Expected result: no pop-up window is shown; error "Your login attempt was not successful, try again" appears

      Video: http://www.screencast.com/t/vbUad7wI1lw

        Attachments

          Issue Links

          Testing discovered

          Bug - A problem which impairs or prevents the functions of the product. JC-2289 XSS vulnerability at profile page

          • Major - Major loss of function.
          • Closed

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            nigredo Andrey Ivanov added a comment -

            I couldn't reproduce bug. Could you try to reproduce it again?

            Show
            nigredo Andrey Ivanov added a comment - I couldn't reproduce bug. Could you try to reproduce it again?
            Hide
            Permalink
            Vtech Targa Florio added a comment - - edited

            Test Environment
            Firefox 27.0, jcommune build 2040

            Test Scenario
            Preconditions: Open http://qa.jtalks.org/jcommune/login

            1. In username field enter "><script>alert("hi")</script>
            2. Enter 123456 in password field
            3. Press Sign in/Войти/Увiйти

            Regression tests:
            User login from page was tested

            Test results:
            Issue cannot be reproduced

            Show
            Vtech Targa Florio added a comment - - edited Test Environment Firefox 27.0, jcommune build 2040 Test Scenario Preconditions: Open http://qa.jtalks.org/jcommune/login 1. In username field enter "><script>alert("hi")</script> 2. Enter 123456 in password field 3. Press Sign in/Войти/Увiйти Regression tests: User login from page was tested Test results: Issue cannot be reproduced

              People

              • Assignee:
                Vtech Targa Florio
                Reporter:
                Vtech Targa Florio
              • Votes:
                0 Vote for this issue
                Watchers:
                Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Structure Helper Panel