[NMS-9421] Possible XSS in Alarm Filter Favorites - The OpenNMS Issue Tracker

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 19.1.0
Fix Version/s: 20.0.1, Meridian-2017.1.0
Component/s: Web UI - General
Security Level: Default (Default Security Scheme)
Labels:
None

Sprint:
Horizon - June 7th, Horizon - June 14th

Description

If the search query includes an apostrophe in the description field, then the label is shown incorrectly on the "Alarm Filter Favorites" tab.

I haven't tested enough to see if this is exploitable for XSS, or if it's just a rendering bug.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screen Shot 2017-06-12 at 3.40.32 PM.png
10 kB
12/Jun/17 3:42 PM
Screen Shot 2017-06-12 at 3.40.36 PM.png
11 kB
12/Jun/17 3:42 PM

Activity

People

Assignee:

Markus von Rüden

Reporter:

Mike Kelly

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

12/Jun/17 3:42 PM

Updated:

20/Jun/17 6:17 PM

Resolved:

20/Jun/17 6:17 PM