  1. Spring Batch Admin
  2. BATCHADM-136

Cross-site scripting is possible in the Job-parameters field

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 1.2.1
    • Fix Version/s: 1.3.0
    • Component/s: Manager
    • Labels:
      None

      Description

      I was able to run a script by using the following text in the Job-parameters field:
      a=</textarea><script>alert(1)</script>
      This is a security issue, since this script will be saved and run by everyone who enters that page.
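
The textarea break-out described in this report, next to the same value HTML-encoded at output time. This is an added example, not part of the original report or the Spring Batch Admin code base. The class and method names and the `jobParameters` field name are assumptions, and the second sample value is constructed.

```java
public class JobParametersEscaping {

    // Encode the characters that are significant to the HTML parser.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the stored value is written into the page as-is, so a literal
    // "</textarea>" ends the element and the rest is parsed as markup.
    static String renderUnescaped(String jobParameters) {
        return "<textarea name=\"jobParameters\">" + jobParameters + "</textarea>";
    }

    // After: the value is encoded at output time. Textarea content is decoded
    // by the browser for display, so the user still sees the original text.
    static String renderEscaped(String jobParameters) {
        return "<textarea name=\"jobParameters\">" + escapeHtml(jobParameters) + "</textarea>";
    }

    // True when the value terminates the textarea before the template's own closing tag.
    static boolean breaksOut(String html) {
        String lower = html.toLowerCase();
        return lower.indexOf("</textarea") != lower.lastIndexOf("</textarea");
    }

    public static void main(String[] args) {
        String[] samples = {
            "a=</textarea><script>alert(1)</script>",   // value from the report
            "run.date=2014-01-01,mode=full"             // constructed benign value
        };
        for (String p : samples) {
            System.out.println("unescaped breaks out: " + breaksOut(renderUnescaped(p)));
            System.out.println("escaped breaks out:   " + breaksOut(renderEscaped(p)));
            System.out.println(renderEscaped(p));
        }
    }
}
```

Encoding belongs at the point where the stored value is written into the page, so values saved before the fix are also rendered safely.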

            People

            • Assignee:
              chrisschaefer Chris Schaefer
              Reporter:
              security_chk Security Check
