You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
michaelnoonan opened this issue
Nov 14, 2017
· 3 comments
Assignees
Labels
kind/bugThis issue represents a verified problem we are committed to solvingpriority(obsolete) This issue has been recognised as a priority and should be addressed as soon as possible
Put your XSS payload in the name of the variable set, for example: MyVars<img src=x onerror=alert()>
Add a variable to your variable set, can be anything you want
Add your variable set to an existing or new project
View "All Variables" on your project
XSS payload fires repeatedly
The text was updated successfully, but these errors were encountered:
michaelnoonan
added
kind/bug
This issue represents a verified problem we are committed to solving
priority
(obsolete) This issue has been recognised as a priority and should be addressed as soon as possible
labels
Nov 14, 2017
This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.
lockbot
locked as resolved and limited conversation to collaborators
Nov 24, 2018
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
kind/bugThis issue represents a verified problem we are committed to solvingpriority(obsolete) This issue has been recognised as a priority and should be addressed as soon as possible
See https://github.com/OctopusDeploy/OctopusDeploy/issues/1101
CVE-2017-16810
source: https://secure.helpscout.net/conversation/367176482
Steps to recreate:
Create a new variable set
Put your XSS payload in the name of the variable set, for example:
MyVars<img src=x onerror=alert()>
The text was updated successfully, but these errors were encountered: