Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-20614

RXSS via xredirect paramer in DeleteApplication

    XMLWordPrintable

Details

    • Unknown
    • N/A

    Description

      Reproduction steps:

      Expected result:

      • The user is redirected to the list of applications

      Obtained result:

      • A javascript alert is displayed

      This shows that this view can be exploited to stole information from admins.

      Attachments

        Issue Links

          depends on

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-20583 Provide a macro for sanitizing URLs in templates

          • Major - Major loss of function.
          • Closed
          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-8757 Support 2 roles for users for app within minutes: application creator and data creator

          • Major - Major loss of function.
          • Closed

          Activity

            People

              surli Simon Urli
              surli Simon Urli
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: