| ID | 0012032 |
| Type | defect |
| Category | [Openbravo ERP] C. Security |
| Severity | major |
| Reproducibility | always |
| Date Submitted | 2010-01-21 17:55 |
| Last Update | 2011-11-22 18:31 |
| Reporter | efriese |
| View Status | public |
| Assigned To | shuehner |
| Priority | normal |
| Resolution | duplicate |
| Fixed in Version | |
| Status | closed |
| Fix in branch | |
| Fixed in SCM revision | |
| Projection | none |
| ETA | none |
| Target Version | |
| OS | Linux 32 bit |
| Database | PostgreSQL |
| Java version | 1.6.0_16 |
| OS Version | Community Appliance |
| Database version | 8.3.8 |
| Ant version | 1.7.1 |
| Product Version | 2.50MP9 |
| SCM revision | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
| Summary | 0012032: Cross-site Scripting in Form_Relation.html |
| Description | The value for inpParamSessionDate is not validated/escaped to prevent malicious code from being executed in the browser. |
| Steps To Reproduce | The TamperData plugin for Firefox or another type of proxy will be needed to reproduce. Visit /openbravo/Form/Form_Relation.html and use TamperData to change the value of inpParamSessionDate to: inpParamSessionDate=>%22%27><img%20src%3d%22javascript:alert('XSS')%22> An alert box will display XSS. |
| Proposed Solution | The value of inpParamSessionDate should be escaped to prevent code from being executed in the browser. More info can be found at http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 |
| Tags | No tags attached. |
| Attached Files | |
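
Added example, not part of the original report and not Openbravo's code: one way to apply the proposed solution in Java (8 or later), by accepting inpParamSessionDate only when it parses as a strict date and HTML-encoding any value before it is written back into the page. The dd-MM-uuuu format and the class and method names are assumptions; the issue does not state the format the form expects.

```java
import java.net.URLDecoder;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.format.ResolverStyle;

public class SessionDateParam {
    // Assumed format for this example; not taken from the issue or from Openbravo.
    private static final DateTimeFormatter FORMAT =
        DateTimeFormatter.ofPattern("dd-MM-uuuu").withResolverStyle(ResolverStyle.STRICT);

    /** Returns the parsed date, or null when the value is not a strict date. */
    static LocalDate parseSessionDate(String raw) {
        if (raw == null) return null;
        try {
            return LocalDate.parse(raw, FORMAT);
        } catch (DateTimeParseException e) {
            return null; // reject instead of reflecting the raw value
        }
    }

    /** Encodes a value for element text or a quoted HTML attribute. */
    static String escapeHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Value from the report's reproduction step, as the server sees it after URL decoding.
        String reported = URLDecoder.decode(
            ">%22%27><img%20src%3d%22javascript:alert('XSS')%22>", "UTF-8");
        System.out.println("reported value accepted: " + (parseSessionDate(reported) != null));
        System.out.println("reported value encoded:  " + escapeHtml(reported));
        System.out.println("21-01-2010 accepted:     " + (parseSessionDate("21-01-2010") != null));
    }
}
```

Validation and encoding are both applied here: validation rejects the reported value outright, and encoding covers any code path that still echoes a rejected value, for example in an error message.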

Notes

(0043096) shuehner (administrator) 2011-11-22 18:31
Consolidating issue based on same source file. Keeping all of them in issue 12034.

Issue History

| Date Modified | Username | Field | Change | 
| 2010-01-21 17:55 | efriese | New Issue | |
| 2010-01-21 17:55 | efriese | Assigned To | => alostale | 
| 2010-01-25 08:15 | alostale | Status | new => scheduled | 
| 2010-01-25 08:15 | alostale | Assigned To | alostale => shuehner | 
| 2011-11-22 18:31 | shuehner | Relationship added | duplicate of 0012034 | 
| 2011-11-22 18:31 | shuehner | Note Added: 0043096 | |
| 2011-11-22 18:31 | shuehner | Status | scheduled => closed | 
| 2011-11-22 18:31 | shuehner | Resolution | open => duplicate | 