[jira] [Updated] (AMBARI-25329) Ambari breadcrumbs xss vulnerability

Antonenko Alexander (JIRA) Mon, 01 Jul 2019 04:48:36 -0700


     [ 
https://issues.apache.org/jira/browse/AMBARI-25329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Antonenko Alexander updated AMBARI-25329:
-----------------------------------------
    Status: Patch Available  (was: Open)

> Ambari breadcrumbs xss vulnerability
> ------------------------------------
>
>                 Key: AMBARI-25329
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25329
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-web
>    Affects Versions: 2.7.4
>            Reporter: Antonenko Alexander
>            Assignee: Antonenko Alexander
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 2.7.4
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Special characters should be encoded when displayed in Ambari Views.
> If special characters are not encoded, then scripts 
> ({{<script>alert("xss!")</script>}}) may be executed due to user input. For 
> example, issues may occur by placing special character in the Display Name 
> field of an Ambari View.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (AMBARI-25329) Ambari breadcrumbs xss vulnerability

Reply via email to