Bug 588742 - XSS attack vulnerability with alias
Summary: XSS attack vulnerability with alias
Status: RESOLVED FIXED
Alias: None
Product: WebYaST
Classification: SUSE Appliance Toolkit
Component: Repositories (show other bugs)
Version: git head
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Ladislav Slezák
QA Contact: Martin Vidner
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-03-16 18:13 UTC by Josef Reidinger
Modified: 2010-03-17 16:49 UTC (History)
1 user (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Josef Reidinger 2010-03-16 18:13:02 UTC 
If I add alias of repository e.g. <script type="text/javascript">alert("XSS attack!")</script> via e.g. zypper, then it is properly escaped in overview of repositories, but when I click on repository with this alias it shows alert.
Comment 1 Ladislav Slezák 2010-03-17 16:49:04 UTC 
Fixed in webyast-software-ui-0.1.10