Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-2391

XSS on users list page

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.11 Larks
    • Fix Version/s: None
    • Labels:
    • Sprint:
      3.11 Larks

      Description

      Preconditions
      There is group with name 

      <script>alert("Name1")</script>

      User has admin permissions

      Steps to reproduce
      1. Go to Administration - Users
      2. Search for any existed user

      Actual result
      Alert window with text "Name1" is displayed, there is no group <script>alert("Name1")</script> in groups list

      Expected result
      There is no alert window, group <script>alert("Name1")</script> presents in groups list

        Attachments

          Issue Links

          Discovered while testing

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. JC-2367 Edit user groups

          • Major - Major loss of function.
          • Closed

            Structure

              Activity

                People

                • Assignee:
                  varro Artem R
                  Reporter:
                  varro Artem R
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel