Spring Batch Admin / BATCHADM-136

Cross-site scripting is possible in the Job-parameters field

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 1.2.1
    • Fix Version/s: 1.3.0
    • Component/s: Manager
    • Labels:
      None

      Description

      I was able to run a script by using the following text in the Job-parameters field:
      a=</textarea><script>alert(1)</script>
      This is a security issue, since this script will be saved and run by everyone who enters that page.
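
The breakout described in the report, modelled as an added example (not part of the original issue and not Spring Batch Admin's own template code): the reported value is rendered into a textarea once verbatim and once HTML-encoded at output time, and a parser lists which elements result. The form fragment, the field name `jobParameters` and all function names are assumptions made for illustration.

```python
"""Added example: textarea breakout from the report, and the output-encoding fix.
The form markup and function names are assumptions, not Spring Batch Admin code."""
from html import escape
from html.parser import HTMLParser

# Value quoted in the report's description.
REPORTED_VALUE = "a=</textarea><script>alert(1)</script>"

# Hypothetical form fragment standing in for the page that redisplays the field.
TEMPLATE = '<textarea name="jobParameters">{value}</textarea>'


def render_unescaped(value):
    """Vulnerable pattern: the stored value is copied into the markup verbatim."""
    return TEMPLATE.format(value=value)


def render_escaped(value):
    """Hardened pattern: HTML-encode at output time, so '<' is emitted as '&lt;'."""
    return TEMPLATE.format(value=escape(value, quote=True))


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser recognises as markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup):
    """Return the element names a parser sees in the rendered markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        page = render(REPORTED_VALUE)
        print(f"{render.__name__}: tags={start_tags(page)}")
        print(f"  {page}")
```

Because the value is stored and redisplayed to every visitor, the encoding belongs where the value is written into the page, so that values saved before a fix are also rendered inertly.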

            People

            Assignee:
            chrisschaefer Chris Schaefer
            Reporter:
            security_chk Security Check