  1. XWiki Platform
  2. XWIKI-20614

RXSS via xredirect parameter in DeleteApplication

Details

    • Unknown
    • N/A

    Description

      Reproduction steps:

      Expected result:

      • The user is redirected to the list of applications

      Obtained result:

      • A JavaScript alert is displayed

      This shows that this view can be exploited to steal information from admins.

            People

              surli Simon Urli
              surli Simon Urli

              Dates

                Created:
                Updated:
                Resolved: