Uploaded image for project: 'Nuxeo Studio'
  1. Nuxeo Studio
  2. NXS-4688

XSS in resources explorer

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 73.12
    • Component/s: Resources

      Description

      Forging this type of url :
      https://connect.nuxeo.com/nuxeo/site/studio/v2/project/*project-name*/workspace/ws.resources/nuxeo.war/<img >

      Allow an attacker to try to attack and steal support session

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 10 minutes
                10m

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.