Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-2373

XSS in Q&A topic title

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.9 Larks
    • Fix Version/s: None
    • Labels:
    • Sprint:
      3.12 Larks

      Description

      Preconditions
      Q&A topic with title

      <script type="text/javascript">alert('Ooops');</script>

      is created. This topic contains Answer1

      Steps to reproduce
      1. User presses "Edit" button for Answer1

      Actual result
      Edit answer form is open, alert window is displayed, there is no topic title

      Expected result
      Edit answer form is open, there is no alert window, topic title is displayed

        Attachments

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JC-2418 Q&A: Answer to question with empty body leads to changing topic's title

          • Major - Major loss of function.
          • Open

            Structure

              Activity

                People

                • Assignee:
                  varro Artem R
                  Reporter:
                  varro Artem R
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel