[jboss-jira] [JBoss JIRA] Updated: (JBAS-5855) Moderate: Cross-Site-Scripting in JMX console
Clive Saldanha (JIRA)
jira-events at lists.jboss.org
Wed Aug 13 14:47:40 EDT 2008
[ https://jira.jboss.org/jira/browse/JBAS-5855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clive Saldanha updated JBAS-5855:
---------------------------------
Description:
Quoting Marc Schoenefeld from JBPAPP issue
"Enter
aa"<script>alert(document.cookie)</script>:*
into
http://127.0.0.1:8080/jmx-console/HtmlAdaptor?action=displayMBeans
it will show that arbitrary web script can be inserted"
was:
Marc Schoenefeld
"Enter
aa"<script>alert(document.cookie)</script>:*
into
http://127.0.0.1:8080/jmx-console/HtmlAdaptor?action=displayMBeans
it will show that arbitrary web script can be inserted"
> Moderate: Cross-Site-Scripting in JMX console
> ---------------------------------------------
>
> Key: JBAS-5855
> URL: https://jira.jboss.org/jira/browse/JBAS-5855
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA
> Reporter: Clive Saldanha
> Fix For: JBossAS-5.0.0.CR2, JBossAS-4.2.4.GA
>
>
> Quoting Marc Schoenefeld from JBPAPP issue
> "Enter
> aa"<script>alert(document.cookie)</script>:*
> into
> http://127.0.0.1:8080/jmx-console/HtmlAdaptor?action=displayMBeans
> it will show that arbitrary web script can be inserted"
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list