[
https://issues.apache.org/jira/browse/OPENMEETINGS-1379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maxim Solodovnik closed OPENMEETINGS-1379.
------------------------------------------
> XSS in Chat window leading to DOS
> ---------------------------------
>
> Key: OPENMEETINGS-1379
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1379
> Project: Openmeetings
> Issue Type: Bug
> Components: UI
> Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7,
> 3.1.0, 3.1.1, 3.1.2
> Reporter: Subho Halder
> Assignee: Maxim Solodovnik
> Priority: Blocker
> Labels: security
> Fix For: 3.1.2, 3.2.0, 4.0.0
>
>
> The chat window can execute XSS payloads, thus one can infect all the users
> who have joined the room/meeting. The XSS is persistent and that can lead to
> Denial of Service.
> A simple popup which alerts 9 can make it hard for other user to use it.
> One can check the POC by trying to log-in at the demo server provided:
> https://om.alteametasoft.com/openmeetings/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
