XSS on LDAP Server Settings page

Description

The LDAP Settings page (/ldap-server.jsp) is susceptible to XSS: a <script> tag entered into the BaseDN setting here will be rendered on Server Settings → Profile Settings (/profile-settings.jsp).

Environment

Windows Server 2016

Fixed

Assignee

Guus der Kinderen

Reporter

Dan Caseley

Expected Effort

None

Ignite Forum URL

None

Fix versions

Priority

Major