Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: other
Labels:
- issue-exported-to-github
Environment:
Platform: All, OS: All

Hudson 1.295 allows user to type cross-site scriptings(xss) on search-box.
Example:
http://hudson-host/search/?
q=<script>alert('script');</script>&json={"q":+"<script>alert('oops');</script>"
}

Assignee:: Kohsuke Kawaguchi
Reporter:: danielvs

Created:: 2009-04-02 14:33
Updated:: 2025-12-08 10:54
Resolved:: 2009-04-04 10:12
Archived:: 2025-12-08 10:54

Details

Description

Attachments

Activity

People

Dates