We're updating the issue view to help you get more done. 

Reflected XSS vulnerability in muc-room-edit-form.jsp params in Admin Console

Description

The following parameters in '/muc-room-edit-form.jsp' have been identified as being vulnerable to reflected XSS (Cross Site Scripting):

  • roomconfig_persistentroom

  • roomconfig_roomsecret

  • roomconfig_roomsecret2

See the attached Burp Suite report for further details.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Dave Cridland
January 8, 2016, 8:47 PM

Fixed by PR 446.

Assignee

Dave Cridland

Reporter

Tim Durden

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure