Project

General

Profile

Actions

Bug #21468

closed

Bug #21442: Various XSS vulnerabilities in the interface

XSS in API account description

Added by Alexis Mousset over 2 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:

Description

Even if the API accound management is now implemented in Elm it is vulnerable to an XSS in the description tooltip as we build it as raw string inside an attribute.

The impact here is low as the API accounts page or API is only available to administrators.

Actions

Also available in: Atom PDF