#2645 XSS web vulnerability
Closed: Fixed a year ago by tkopecek. Opened a year ago by tkopecek.

CVE-2020-15856 - Web interface can be abused by XSS attack. Attackers can supply subversive http links containing malicious javascript code. Such links were not controlled properly, so attackers can potentially force users to submit actions which were not intended. Some actions which can be done via web UI can be destructive, so updating to this version is highly recommended.

Metadata Update from @tkopecek:
- Custom field Size adjusted to None
- Issue tagged with: bug

a year ago

Metadata Update from @tkopecek:
- Issue private status set to: False (was: True)

a year ago

Login to comment on this ticket.

Related Pull Requests
  • #2652 Merged a year ago