Uploaded image for project: 'Hue (READ ONLY)'
  1. Hue (READ ONLY)
  2. HUE-2583

[core] DOM Based XSS

          Details

          • Type: Bug
          • Status: Resolved
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 2.2.0, 2.5.0
          • Fix Version/s: 3.8.0
          • Component/s: core.api, core.ui
          • Labels:
          • Target Version:
          • Easy:
            Easy

            Description

            Due to unvalidated use of window.location.hash and use of vulnerable version of jQuery it is possible to execute malicious JS.

              Attachments

                Activity

                  People

                  • Assignee:
                    enricoberti Enrico Berti
                    Reporter:
                    diziourov Daniel Iziourov
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: