[ https://issues.apache.org/jira/browse/OPENMEETINGS-793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13769306#comment-13769306 ]

rahul bhola commented on OPENMEETINGS-793:
------------------------------------------

Try using only the first script. Now it won't perform an alert directly because
it is associated with the <a> tag. First of all, notice that nothing will come
in the chat space. Now hover above the empty space in which the chat comment
with script is there. Click on it and then you would get the script running.
This worked on 2.2.0.
                
> Possibility of Code Injection Vulnerability found.
> --------------------------------------------------
>
>                 Key: OPENMEETINGS-793
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-793
>             Project: Openmeetings
>          Issue Type: Bug
>         Environment: flash version 11.2.202.243 , mozilla firefox, linux
>            Reporter: rahul bhola
>            Priority: Critical
>         Attachments: 1.png, 2.png
>
>
> Code injection vulnerability. I was using Flash version 11.2.202.243 and OM
> hosted at http://demo.dataved.ru/openmeetings/ . There is a possibility of
> code injection in the chat room. I was able to pass JavaScript code to the
> browser engine in Mozilla Firefox (Linux).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
