JCommune / JC-1791

XSS vulnerability at login page

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 2.5 Larks
    • Fix Version/s: 2.6 Larks
    • Labels:
    • Sprint: 2.6 Larks

      Description

      Preconditions: Open http://qa.jtalks.org/jcommune/login

      1. In username field enter "><script>alert("hi")</script>
      2. Enter 123456 in password field
      3. Press Sign in/Войти/Увiйти

      Actual result: alert window pops up
      Expected result: no pop-up window is shown; error "Your login attempt was not successful, try again" appears

      Video: http://www.screencast.com/t/vbUad7wI1lw
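
The string in step 1 begins with `">`, the shape that closes an HTML attribute value, so the sketch below assumes (the report does not say this) that the rejected username is echoed back into the login form's `value` attribute. It is an added example, not JCommune code: `escapeHtml`, `renderFailedLogin` and the markup are hypothetical, and it checks that the encoded page shows the expected error without gaining a tag or a quote.

```java
import java.util.List;

public class LoginFormEncoding {
    // Encode the characters that can close an attribute value or open a tag.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical re-render of the login form after a rejected attempt.
    static String renderFailedLogin(String username, boolean encode) {
        String value = encode ? escapeHtml(username) : username;
        return "<p class=\"error\">Your login attempt was not successful, try again</p>\n"
             + "<input type=\"text\" name=\"username\" value=\"" + value + "\">";
    }

    static long quotes(String html) {
        return html.chars().filter(ch -> ch == '"').count();
    }

    public static void main(String[] args) {
        List<String> inputs = List.of(
            "\"><script>alert(\"hi\")</script>", // string from step 1 of the report
            "alice",                              // constructed: ordinary username
            "O'Brien & \"Sons\"");                // constructed: quotes and ampersand
        long templateQuotes = quotes(renderFailedLogin("", true));
        for (String in : inputs) {
            String raw = renderFailedLogin(in, false);
            String safe = renderFailedLogin(in, true);
            // Encoded output keeps the input inside value="...": no new tag, no new quote.
            boolean contained = !safe.contains("<script") && quotes(safe) == templateQuotes;
            if (!contained || !safe.contains("not successful")) {
                throw new AssertionError("encoding failed for: " + in);
            }
            System.out.printf("raw breaks out: %-5b encoded contained: %b%n",
                    quotes(raw) != templateQuotes, contained);
        }
    }
}
```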

                People

                • Assignee: Vtech Targa Florio
                • Reporter: Vtech Targa Florio