• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • other
    • None
    • Platform: All, OS: All

      Hudson 1.295 allows user to type cross-site scriptings(xss) on search-box.
      Example:
      http://hudson-host/search/?
      q=<script>alert('script');</script>&json={"q":+"<script>alert('oops');</script>"
      }

          [JENKINS-3415] Cross-site scripting in search box

          danielvs created issue -
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Andrew Bayer made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 133488 ] New: JNJira + In-Review [ 202197 ]

            kohsuke Kohsuke Kawaguchi
            danielvs danielvs
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: