[ https://issues.apache.org/jira/browse/OPENMEETINGS-793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13768117#comment-13768117 ]
Maxim Solodovnik commented on OPENMEETINGS-793:
-----------------------------------------------

I thought the HTML5 editor performs all necessary clean up :(
Seems this needs to be tested additionally

> Possibility of Code Injection Vulnerability found.
> --------------------------------------------------
>
> Key: OPENMEETINGS-793
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-793
> Project: Openmeetings
> Issue Type: Bug
> Environment: flash version 11.2.202.243 , mozilla firefox, linux
> Reporter: rahul bhola
> Priority: Critical
> Attachments: 1.png, 2.png
>
>
> Code injection vulnerability. I was using Flash version 11.2.202.243 and OM
> hosted at http://demo.dataved.ru/openmeetings/ . There is a possibility of
> code injection in the chat room. I was able to pass JavaScript code to the
> browser engine in Mozilla Firefox (Linux)