XSS on LDAP Server Settings page

Description

LDAP Settings page (/ldap-server.jsp) is susceptible to XSS - a <script> tag entered into the BaseDN setting here will be rendered on Server Settings → Profile Settings (/profile-settings.jsp).

Environment

Windows Server 2016

Fixed

Details

Created September 23, 2019 at 4:18 PM
Updated September 24, 2019 at 12:49 PM
Resolved September 24, 2019 at 12:49 PM