XSS injection is possible when setting a user name

Ben Parrish

Jan 12, 2016, 2:31:11 PM
to SonarQube
Was able to update a user name with the following...

Joe'}; alert("Test"); window.SS = {userName: 'Joe

Every page load saw an alert box with "Test".

Simon Brandhof

Jan 13, 2016, 3:25:13 AM
to SonarQube
Hi Ben,

Which version has this vulnerability?

Thanks

Ben Parrish

Jan 13, 2016, 2:27:32 PM
to SonarQube

Ben Parrish

Jan 14, 2016, 1:45:53 PM
to SonarQube
5.3


On Wednesday, January 13, 2016 at 3:25:13 AM UTC-5, Simon Brandhof wrote:

Simon Brandhof

Jan 15, 2016, 3:07:37 AM
to Ben Parrish, SonarQube
Ok thanks for the information, it will be fixed in 5.4.
Regards


Simon BRANDHOF | SonarSource
Tech Lead & Co-Founder
http://twitter.com/SimonBrandhof
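
Added example, not part of the thread and not SonarQube code: the user name reported above only works if the name is written into a single-quoted JavaScript string inside an inline script. Assuming a template of that shape (`renderUnsafe`, `renderSafe`, `jsLiteral` and `evaluate` are hypothetical names), this shows the name running as code and a JavaScript-context encoder that keeps it as data.

```javascript
// Assumed template shape, inferred from the reported user name:
//   window.SS = {userName: '<name>'};
// Vulnerable: the name is concatenated into a single-quoted string literal.
function renderUnsafe(userName) {
  return "window.SS = {userName: '" + userName + "'};";
}

// Hardened: emit a JSON string literal (escapes quotes, backslashes, control
// characters), then escape characters the HTML parser or older JS engines
// treat specially inside an inline <script> element.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderSafe(userName) {
  return 'window.SS = {userName: ' + jsLiteral(userName) + '};';
}

// Run a rendered script body against stand-ins for window and alert, and
// report which alerts fired and what value ended up in window.SS.userName.
function evaluate(script) {
  const alerts = [];
  const fakeWindow = {};
  new Function('window', 'alert', script)(fakeWindow, (m) => alerts.push(m));
  return { alerts, userName: fakeWindow.SS.userName };
}

// The user name from the report, and a constructed name containing a
// closing script tag to exercise the HTML-level escaping.
const REPORTED = `Joe'}; alert("Test"); window.SS = {userName: 'Joe`;
const CONSTRUCTED = 'Joe</script>';

console.log(evaluate(renderUnsafe(REPORTED))); // alert fires, name truncated
console.log(evaluate(renderSafe(REPORTED)));   // no alert, name preserved
console.log(renderSafe(CONSTRUCTED));          // no literal "</script" emitted
```

HTML entity encoding alone is the wrong encoder for this position, because the browser does not decode entities inside a script element; the value has to be escaped for the JavaScript string context it lands in.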
