[NXP-15367] Fix XSS issue on document library gadget - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.6.0-HF40, 5.8.0-HF23, 6.0
Component/s: Social Collaboration (deprecated)

Description

After putting the following as a document title:

"><iframe src="" onload="alert('I can see your cookies! ' + document.cookie)">

Displaying the document in the document library gadget will popup the alert.

Attachments

Activity

People

Assignee:

Thomas Roger

Reporter:

Thomas Roger

Participants:

Jenkins, Thomas Roger

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2014-09-29 13:58

Updated:

2016-02-02 10:13

Resolved:

2014-09-29 14:11