Kaltura/server (latest version) - Cross-Site Scripting (XSS) #5300

Closed
bestshow opened this issue Feb 27, 2017 · 3 comments

bestshow commented Feb 27, 2017

Product: kaltura/server
Download: https://github.com/kaltura/server
Vulnerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

@kaltura-hooks

Hi @bestshow,

Thank you for reporting an issue and helping improve Kaltura!

To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):

  • Is the issue you're experiencing consistent and across platforms, or does it only happen under certain conditions?
    Please provide as many details as possible.
  • Which Kaltura deployment are you using: Kaltura SaaS, or self-hosted?
    If self-hosted, are you using the RPM or deb install?
  • Packages installed.
    When using RPM, paste the output for:
	# rpm -qa "kaltura*"
    For deb-based systems:
	# dpkg -l "kaltura-*"
  • If running a self-hosted ENV - provide the MySQL server version used
  • If running a self-hosted ENV - is this a single all in 1 server or a cluster?
  • If running a self-hosted ENV, while making the problematic request, run:
	# tail -f /opt/kaltura/log/*.log /opt/kaltura/log/batch/*.log | grep -A 1 -B 1 --color "ERR:\|PHP\|trace\|CRIT\|\[error\]"
    and paste the output.

  • When relevant, provide any screenshots or screen recordings showing the issue you're experiencing.

For general troubleshooting see:
https://github.com/kaltura/platform-install-packages/blob/Jupiter-10.13.0/doc/kaltura-packages-faq.md#troubleshooting-help

If you only have a general question rather than a bug report, please close this issue and post at:
http://forum.kaltura.org

Thank you in advance,

jessp01 (Contributor) commented Feb 27, 2017

Hi @bestshow,

Firstly, thank you for your report. We will look into it ASAP.
Secondly, I removed the actual details from the bug report because until looked at and resolved, the information should not be made public as it can compromise existing deployments.
Please email me at jess.portnoy kaltura.com or provide your email addr for future discussions.

Thanks,

jessp01 (Contributor) commented Feb 27, 2017

Hi,

Fixed by this patch: https://github.com/kaltura/server/pull/5304/files.
Please patch your local instances accordingly.

jessp01 closed this as completed Feb 27, 2017