Reflected XSS vulnerability in muc-room-edit-form.jsp params in Admin Console

Description

The following parameters in '/muc-room-edit-form.jsp' have been identified as being vulnerable to reflected XSS (Cross Site Scripting):

  • roomconfig_persistentroom

  • roomconfig_roomsecret

  • roomconfig_roomsecret2

See the attached Burp Suite report for further details.

Environment

None

Activity

Show:

Dave Cridland January 8, 2016 at 8:47 PM

Fixed by PR 446.

Fixed

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

Created January 4, 2016 at 6:38 PM
Updated October 28, 2020 at 11:02 AM
Resolved January 8, 2016 at 8:47 PM