[CNTCTSAPP-41] XSS vulnerability of ContactPreviewComponent
Created: 12/Mar/13  Updated: 26/Sep/13  Resolved: 25/Jul/13

Status: Closed
Project: Contacts App
Component/s: None
Affects Version/s: 1.0.1
Fix Version/s: 1.0.2

Type: Bug
Priority: Blocker
Reporter: Roman Kovařík
Assignee: Federico Grilli
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Steps to reproduce:

  1. Edit some contact, use some XSS for the Organization field, save.
  2. Edit the Contact teaser on some page (http://localhost:8080/magnoliaAuthor/demo-project/news-and-events.html).
  3. Choose the contact from the first step.
    -> XSS exploit.

The above issue basically concerns any text fields and text areas displayed by the component.
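
As an added illustration (not part of the original report, and not Magnolia's actual fix, which this issue does not show): a minimal Java sketch of a contact preview that encodes every stored text field at output time, next to the unescaped form. The class, method, and field names are hypothetical, and the contact record is constructed sample data.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Magnolia's ContactPreviewComponent. All names are hypothetical.
public class ContactPreviewSketch {

    // Encode a stored value for HTML element content and quoted attribute values.
    static String escapeHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Before: stored field values are concatenated into markup as-is.
    static String renderUnsafe(Map<String, String> contact) {
        StringBuilder html = new StringBuilder("<dl class=\"contact-preview\">");
        contact.forEach((label, value) ->
            html.append("<dt>").append(label).append("</dt><dd>").append(value).append("</dd>"));
        return html.append("</dl>").toString();
    }

    // After: every text field and text area is encoded when it is rendered.
    static String renderSafe(Map<String, String> contact) {
        StringBuilder html = new StringBuilder("<dl class=\"contact-preview\">");
        contact.forEach((label, value) ->
            html.append("<dt>").append(escapeHtml(label)).append("</dt><dd>")
                .append(escapeHtml(value)).append("</dd>"));
        return html.append("</dl>").toString();
    }

    public static void main(String[] args) {
        Map<String, String> contact = new LinkedHashMap<>();   // constructed sample record
        contact.put("Name", "Jane Doe");
        contact.put("Organization", "<script>alert(1)</script>");
        contact.put("Address", "1 Main St & Co.");
        System.out.println(renderUnsafe(contact));   // markup from the stored value reaches the page
        System.out.println(renderSafe(contact));     // the same value is rendered as inert text
    }
}
```

Encoding at render time covers values that were already stored before the fix, which validating only on save would not.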



 Comments   
Comment by Federico Grilli [ 25/Jul/13 ]

reopen to backport to 1.0.2

Comment by Federico Grilli [ 25/Jul/13 ]

master is already 1.0.2-SNAPSHOT, thus the fix was already applied. No need to have a 1.1 fix version.
