Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Both reflexive and stored XSS flaw through object creation #1061

Closed
asteinhauser opened this issue Apr 10, 2017 · 0 comments
Closed

Both reflexive and stored XSS flaw through object creation #1061

asteinhauser opened this issue Apr 10, 2017 · 0 comments
Labels
type: bug A confirmed report of unexpected behavior in the application

Comments

@asteinhauser
Copy link

screenrecord.zip

Python version 2.7
Netbox version v1.9.5 - 2017-04-06

Bug reproduction is in the attachment. Just add something like VLAN group and write JavaScript code into the name. It creates both reflective XSS and later stored XSS on the main page.
@asteinhauser asteinhauser mentioned this issue Apr 10, 2017
Merged
@jeremystretch jeremystretch added the type: bug A confirmed report of unexpected behavior in the application label Apr 10, 2017
This was referenced Apr 21, 2017
Merged
Closed
lampwins pushed a commit to lampwins/netbox that referenced this issue Oct 13, 2017
@jeremystretch
Closes netbox-community#1061: Escape all messages by default (complem…
0447a93 
…ents netbox-community#1062)
@lock lock bot locked as resolved and limited conversation to collaborators Jan 18, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeremystretch @asteinhauser