Ashok Kumar created FELIX-6132:
----------------------------------
Summary: XSS possible in service console
Key: FELIX-6132
URL: https://issues.apache.org/jira/browse/FELIX-6132
Project: Felix
Issue Type: Bug
Components: Web Console
Affects Versions: webconsole-4.3.8
Reporter: Ashok Kumar
Fix For: webconsole-4.3.10
*Issue Summary :* There is an XSS possible in the system console.
*Steps to reproduce :*
# Open a local instance
# Open the link [http://localhost:4502/system/console/services?filter=%22onmouseover=%22alert(%27xss%27)%22] in Internet Explorer. A pop-up would come when you mouse over the filter input box.
# Chrome would auto-flag the XSS exploit and prevent the page load
*Expected Behavior :* The pop up should not come up.
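
The following is an added example, not part of the report and not Felix Web Console code. It assumes the filter parameter is reflected into the value attribute of the filter input box, and shows that value rendered without and with attribute escaping; all function names are hypothetical.

```javascript
// Added example: hypothetical renderer, not Felix Web Console code.

// Query string taken from the reproduction URL in the report.
const REPORTED_QUERY = 'filter=%22onmouseover=%22alert(%27xss%27)%22';

const ATTR_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end or reshape a quoted attribute value.
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ENTITIES[ch]);
}

// Percent-decode the "filter" request parameter, as a servlet container would.
function filterParam(query) {
  return new URLSearchParams(query).get('filter') || '';
}

// Assumed vulnerable pattern: decoded value concatenated into the attribute.
function renderFilterInputUnsafe(query) {
  return '<input type="text" name="filter" value="' + filterParam(query) + '">';
}

// Hardened pattern: same markup, value escaped for the attribute context.
function renderFilterInputSafe(query) {
  return '<input type="text" name="filter" value="' +
    escapeHtmlAttr(filterParam(query)) + '">';
}

// Names of the double-quoted attributes in a tag, in order. Enough for a
// regression check on this markup; it is not a general HTML parser.
function attributeNames(tagHtml) {
  return Array.from(tagHtml.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g), (m) => m[1]);
}

// Unescaped output gains an extra event-handler attribute; escaped does not.
console.log(attributeNames(renderFilterInputUnsafe(REPORTED_QUERY)));
console.log(attributeNames(renderFilterInputSafe(REPORTED_QUERY)));
```

A regression test for the fix can assert that the rendered input carries only the attributes the template declares, whatever the filter value is.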