We're updating the issue view to help you get more done. 

Stored XSS in Property Name in Security Audit Viewer

Description

If someone puts a script into Property Name field when creating a new system property, it gets executed, when viewing in Security Audit Viewer.

Say <script>alert(1)</script>

Environment

None

Acceptance Test - Entry

None

Assignee

Greg Thomas

Reporter

wroot

Labels

Expected Effort

None

Components

Fix versions

Priority

Minor
Configure