Ahmed Ababneh ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=626aa382a32183006f254919 ) *created* an issue
GeoServer / Bug GEOS-10598: XSS vulnerability in the email address field
https://osgeo-org.atlassian.net/browse/GEOS-10598

Issue Type: Bug
Assignee: Unassigned
Created: 25/Jul/22 12:02 PM
Priority: Medium
Reporter: Ahmed Ababneh

We noticed that the user can enter malicious content in the email address field. This content can then be executed on the client machine. This can be used for various attacks such as user personalization in what is known as XSS attacks.

This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100202-sha1:5d6ea73)
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel