[JIRA] [ghprb] (JENKINS-23122) Cross-Site-Scripting (XSS) Vulnarability: Github Titles rendered unescaped to build description

[thra...@gmx.net (JIRA)]

Mark Michaelis created JENKINS-23122 Cross-Site-Scripting (XSS) Vulnarability: Github Titles rendered unescaped to build description Issue Type: Bug Assignee: Honza Brázdil Attachments: 2014-05-21_Auswahl_001.png Components: ghprb Created: 21/May/14 11:05 AM Description: When having a pull request title which contains quotes the title is put into the build description unescaped which actually allows XSS (e. g. execute a task in the name of a different user). At first glance it only corrupts the output: Project: Jenkins Priority: Major Reporter: Mark Michaelis

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.