  1. Jenkins
  2. JENKINS-14309

HTML injection in username


    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component: ci-game-plugin

      One of our developers set their username so this was in the config:

      <?xml version='1.0' encoding='UTF-8'?>
      <user>
      <fullName>First Last </a></td><td></td><td>1000000.0</td></tr><tr><td><a href="www.bbc.co.uk"></fullName>

      This could be used for evil JavaScript injection purposes as well as silly ones.

            ohtake_tomohiro OHTAKE Tomohiro
            asuffiel Andrew Suffield