Fixed
Assignee: Guus der Kinderen
Reporter: Guus der Kinderen
Priority: Critical
Created November 22, 2019 at 9:36 AM
Updated January 10, 2020 at 4:40 PM
Resolved November 22, 2019 at 7:34 PM
Reflected XSS issue in the MUC room affiliation page.
Reproduction:
http://localhost:9090/muc-room-affiliations.jsp?roomJID=test%40conference.laptop-guus&userJID=%22%3E%3Cscript%3Ealert(%27Reflected%20XSS%20in%20admin%20console%20via%20Room%20Affiliations%27)%3C/script%3E
As reported by Jacob Baines from Tenable's research team.