XSS on LDAP Server Settings page

Description

LDAP Settings page (/ldap-server.jsp) is susceptible to XSS - a {{<script>}} tag entered into the BaseDN setting here will be rendered on Server Settings → Profile Settings (/profile-settings.jsp)

Environment

Windows Server 2016

Fixed

Assignee

Guus der Kinderen

Reporter

Dan Caseley

Labels

security-vulnerabitliy

Expected Effort

None

Ignite Forum URL

None

Fix versions

4.4.2

Priority

Major

Configure