Antonio Sanso created FELIX-6128:
------------------------------------
Summary: Issue in the bundle Web Console
Key: FELIX-6128
URL: https://issues.apache.org/jira/browse/FELIX-6128
Project: Felix
Issue Type: Bug
Components: Web Console
Reporter: Antonio Sanso
Attachments: image002.png, image003.png
RunningSnail reported an XSS issue in the bundle Web Console.
After logging in, I visit the page whose URL is
http://127.0.0.1:8080/system/console/bundles.
Then I click "Install/Update" and, before uploading a jar file, I change the
content of the "MANIFEST.MF" in the jar file.
So when an admin visits the page, he will be affected by the stored XSS.
See attached images