Loading...

XML

Word

Printable

Details

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.3.8, 7.4.12, 7.7.0, 7.5.8, 7.6.3, 7.7.0-alpha1
Affects Version/s: 7.4.7
Component/s: admin, cockpit
Labels:
None

Description

Use following command

<script>window.alert("hallo")</script>

Following input fields are affected
Cockpit:
Process Instance View: User Task Assignee
Process Instance View: Add string variable with name <script>window.alert("hallo")</script> in the instance modification menu. Subsequently go to variables tab and change the variable type to object. This can also be done by other users --> XSS

Admin:
Create new User Menu: User Id*
Create new Groups Menu: Group Id*

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

People

Assignee:: Michael Schoettes

Reporter:: Michael Schoettes

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Jun/16 11:58 AM

Updated:: 10/Feb/17 6:26 AM

Resolved:: 19/Jan/17 5:38 PM

Javascript code executable in input fields