  1. Dev - Nexus Repo
  2. NEXUS-6554

XSS vulnerability in outreach plugin

Details

    • Yes
    • Sprint 15

    Description

      Log into Nexus using the latest Firefox, then visit:

      http://localhost:8081/nexus/service/local/outreach/welcome/images/%3Cscript%3Ealert%281%29%3C/script%3E

      Observe that the JavaScript embedded in the URL is executed.

      Note that this doesn't work for Chrome or Safari because they will not execute JavaScript embedded in the URL.
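
An added regression check, not part of the original issue and not Nexus code: it assumes (the issue does not state the mechanism) that the server percent-decodes the path after the outreach prefix and echoes it into an HTML response. The handler names and response text are hypothetical; the URL is the one from the reproduction steps.

```python
import html
from urllib.parse import urlsplit, unquote

# URL from the issue's reproduction steps.
ISSUE_URL = ("http://localhost:8081/nexus/service/local/outreach/welcome/"
             "images/%3Cscript%3Ealert%281%29%3C/script%3E")
PREFIX = "/nexus/service/local/outreach/welcome/"


def requested_resource(url):
    """Percent-decode the path and return the part after the outreach prefix.

    The literal '/' inside the payload means the markup spans two path
    segments, so the whole remainder is treated as the resource name.
    """
    path = unquote(urlsplit(url).path)
    if not path.startswith(PREFIX):
        raise ValueError("not an outreach resource URL")
    return path[len(PREFIX):]


def not_found_unsafe(url):
    """Hypothetical vulnerable handler: decoded name concatenated into HTML."""
    name = requested_resource(url)
    return {"Content-Type": "text/html"}, "<p>Not found: " + name + "</p>"


def not_found_safe(url):
    """Hardened form: the name is HTML-escaped before it reaches the body."""
    name = requested_resource(url)
    headers = {"Content-Type": "text/html; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    return headers, "<p>Not found: " + html.escape(name) + "</p>"


def reflects_markup(url, body):
    """True if the decoded resource name appears in the body unescaped."""
    name = requested_resource(url)
    return any(c in name for c in "<>\"'&") and name in body


if __name__ == "__main__":
    for handler in (not_found_unsafe, not_found_safe):
        _, body = handler(ISSUE_URL)
        print(handler.__name__, "reflects markup:", reflects_markup(ISSUE_URL, body))
```

Percent-encoding in the request gives no protection here, because the decoded name is what reaches the response; the check passes only when the body carries the escaped form.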

          People

            alin Alin Dreghiciu
            rseddon Rich Seddon
            Peter Lynch Peter Lynch