[ https://issues.apache.org/jira/browse/MESOS-6947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacob Janco updated MESOS-6947:
-------------------------------
Shepherd: haosdent
> Fix pailer XSS vulnerability
> ----------------------------
>
> Key: MESOS-6947
> URL: https://issues.apache.org/jira/browse/MESOS-6947
> Project: Mesos
> Issue Type: Improvement
> Components: webui
> Reporter: Jacob Janco
> Assignee: Jacob Janco
>
> There exists an XSS vulnerability in pailer.html.
> `window.name` can be set to an external domain serving js which is wrapped in
> `<script>` tags by the `getJSON` async call. A detailed example will follow
> acceptance of the patch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)