  1. Hue (READ ONLY)
  2. HUE-9383

potential Script execution in Share Document UI

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.7.0
    • Fix Version/s: 4.8.0
    • Component/s: core.ui
    • Labels:
    • Environment:

      Hue-4.7

    • Backward Incompatible:
      Backward Incompatible

      Description

      Problem Statement: Potential script execution (XSS attack and cross-site scripting) in Share Document UI

       

      Reproduction Steps:

      Create a user "Test" in Hue by the steps below.
      Log in and click Admin -> Manage Users.
      Click a username, click Step 2, enter Test as the username, and give

      ><script>alert()</script

      for first and last name. Click Update user.

      Now go to the Document page.
      Right-click on a document and click Share. Type 'Test'.

      You will find the script executed and the alert displayed.


            People

            • Assignee:
              asnaik Akhil S Naik
              Reporter:
              asnaik Akhil S Naik
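The class of bug in this report, as an added example that is not part of the original issue and is not Hue's code: a stored name field concatenated into share-dialog markup, next to an output-escaped version and an audit for values already stored. The function names and the `username` / `first_name` / `last_name` field names are assumptions, and the sample records are constructed from the reproduction steps.

```javascript
// Added illustration (hypothetical renderer, not Hue's implementation).

// Characters that can change the HTML parsing context in text or attribute position.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: profile fields go into the suggestion markup unescaped,
// so a stored first/last name is parsed as HTML when the suggestion is shown.
function renderSuggestionUnsafe(user) {
  const full = user.first_name + ' ' + user.last_name;
  return '<li class="suggestion" title="' + full + '">' + full +
    ' (' + user.username + ')</li>';
}

// Hardened pattern: every user-controlled field is escaped at output time,
// in both the attribute and the element body.
function renderSuggestionSafe(user) {
  const full = escapeHtml(user.first_name) + ' ' + escapeHtml(user.last_name);
  return '<li class="suggestion" title="' + full + '">' + full +
    ' (' + escapeHtml(user.username) + ')</li>';
}

// Check used below: does the rendered markup contain a live <script> start tag?
function containsScriptElement(html) {
  return /<script[\s>]/i.test(html);
}

// Audit for values stored before the fix: usernames whose name fields carry markup characters.
function findSuspiciousProfiles(users) {
  return users
    .filter((u) => [u.first_name, u.last_name].some((f) => /[<>]/.test(String(f || ''))))
    .map((u) => u.username);
}

// Constructed records; the first uses the values from the reproduction steps.
const sampleUsers = [
  { username: 'Test', first_name: '><script>alert()</script', last_name: '><script>alert()</script' },
  { username: 'alice', first_name: 'Alice', last_name: "O'Neil" }
];

console.log(renderSuggestionSafe(sampleUsers[0]));
console.log(findSuspiciousProfiles(sampleUsers));
```

Escaping at output covers names stored before the upgrade to the fixed version; the audit only helps locate them for cleanup.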