-
Bug
-
Resolution: Fixed
-
Critical
-
None
-
Platform: All, OS: All
Hudson 1.295 allows user to type cross-site scriptings(xss) on search-box.
Example:
http://hudson-host/search/?
q=<script>alert('script');</script>&json={"q":+"<script>alert('oops');</script>"
}
[JENKINS-3415] Cross-site scripting in search box
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JNJira [ 133488 ] | New: JNJira + In-Review [ 202197 ] |