[ https://issues.apache.org/jira/browse/MESOS-6947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

haosdent updated MESOS-6947:
----------------------------
    Description: 
There exists an XSS vulnerability in pailer.html.

{{window.name}} can be set to an external domain serving js which is wrapped in 
{{<script>}} tags by the {{getJSON}} async call. A detailed example will follow 
acceptance of the patch. 

  was:
There exists a XSS vulnerability in pailer.html.

`window.name` can be set to an external domain serving js which is wrapped in 
`<script>` tags by the `getJSON` async call. A detailed example will follow 
acceptance of the patch. 


> Fix pailer XSS vulnerability
> ----------------------------
>
>                 Key: MESOS-6947
>                 URL: https://issues.apache.org/jira/browse/MESOS-6947
>             Project: Mesos
>          Issue Type: Improvement
>          Components: webui
>            Reporter: Jacob Janco
>            Assignee: Jacob Janco
>
> There exists an XSS vulnerability in pailer.html.
> {{window.name}} can be set to an external domain serving js which is wrapped 
> in {{<script>}} tags by the {{getJSON}} async call. A detailed example will 
> follow acceptance of the patch. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
