XSS on migration details page

Description

XSS can be injected using the errros, warnings or info query parameter. If the migration has no detailed in those categories, then and query parameter will be processed.

Environment

None

Activity

Show:

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Mark Rekveld

Reporter

Mark Rekveld

Labels

bugcrowd

Components

Fix versions

server-5.15.1

lite-5.15.1

Affects versions

server-5.15.0

lite-5.15.0

Priority

Major

Zoom

Open Zoom

Created June 10, 2023 at 8:47 PM

Updated March 26, 2024 at 3:23 PM

Resolved June 13, 2023 at 11:27 AM

Configure

Zoom