  1. Jenkins
  2. JENKINS-3415

Cross-site scripting in search box

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: other
    • Labels:
      None
    • Environment:
      Platform: All, OS: All

      Description

      Hudson 1.295 allows a user to enter cross-site scripting (XSS) in the search box.
      Example:
      http://hudson-host/search/?q=<script>alert('script');</script>&json={"q":+"<script>alert('oops');</script>"}

            People

            Assignee:
            kohsuke Kohsuke Kawaguchi
            Reporter:
            danielvs danielvs
            Votes:
            0
            Watchers:
            0

              Dates

              Created:
              Updated:
              Resolved: