  1. Dev - Nexus Repo
  2. NEXUS-6554

XSS vulnerability in outreach plugin

    Details

    • Release Note:
      Yes
    • Sprint:
      Sprint 15

      Description

      Log into nexus using latest Firefox, then visit:

      http://localhost:8081/nexus/service/local/outreach/welcome/images/%3Cscript%3Ealert%281%29%3C/script%3E

      Observe that the javascript embedded in the URL is executed.

      Note that this doesn't work for Chrome or Safari because they will not execute javascript embedded in the URL.

            People

            Assignee:
            alin Alin Dreghiciu
            Reporter:
            rseddon Rich Seddon
            Last Updated By:
            Peter Lynch Peter Lynch