[NXS-4688] XSS in resources explorer - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 73.12
Component/s: Resources

Epic Link:
Important Studio Bugs
Tags:
- nxnos
- security
Sprint:
NOS 10.2.3

Description

Forging this type of url :
https://connect.nuxeo.com/nuxeo/site/studio/v2/project/*project-name*/workspace/ws.resources/nuxeo.war/<img >

Allow an attacker to try to attack and steal support session

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Connect-Bug-Bounty-Reflected-Cross-Site-Scripting.pdf
44 kB
2018-04-12 17:55

Activity

People

Assignee:

Romain Sertelon

Reporter:

Rémi Cattiau

Participants:

Jenkins, Rémi Cattiau, Romain Sertelon

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2018-04-12 17:55

Updated:

2018-04-17 10:14

Resolved:

2018-04-17 08:39

Time Tracking

Estimated:

Not Specified

Remaining:

0m

Logged:

10m