This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

XSS injection in object lists #3831

Closed
kduret opened this issue Oct 15, 2015 · 2 comments

kduret commented Oct 15, 2015

XSS injection is possible on the comments column, and some others.

Sims24 commented Oct 21, 2015

OK on my side for comments, downtime, etc. ... fixed!

Just noticed a strange behaviour on the host/service form with the following test:

<script>alert('fire in the hole')</script>

Anyway, that is probably linked with illegal chars and automatic string replacement in the object name, not a security issue for the point below, IMO.

Sims24 commented Oct 21, 2015

Note: My test has been squeezed by the GitHub form of course :') dumb me. Will send it to Kevin to reproduce. Will be another ticket anyway!

Thanks

querwin reopened this Oct 22, 2015
kduret added a commit that referenced this issue Oct 22, 2015
kduret added a commit that referenced this issue Oct 22, 2015
querwin closed this as completed Oct 22, 2015