Thibault created an issue

| Issue Type: | Bug |
|---|---|
| Assignee: | Unassigned |
| Attachments: | XXS-POC.png |
| Created: | 14/Nov/18 3:24 PM |
| Environment: | CentOS |
| Priority: | High |
| Reporter: | |
Hello GeoServer Team,

I found an XSS vulnerability during a penetration test today. It’s on the format parameter of the /wmts endpoint. If you open this URL with a browser and if you change the format parameter value to:

<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert('TEST TEST')</something:script>

Tadaa!

Thank you,
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100095-sha1:c772008)
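
An added example, not part of the original report or of GeoServer's code: assuming the format value is echoed into an XML error document (the `TEMPLATE` below is hypothetical, the page does not show the real response body), it shows why the namespace-prefixed element from the report becomes an XHTML `script` element in the parsed document, and how escaping the value on output keeps it as plain text.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XHTML_NS = "http://www.w3.org/1999/xhtml"

# Constructed sample value with the same shape as the one quoted in the report.
SAMPLE = ('<something:script xmlns:something="http://www.w3.org/1999/xhtml">'
          "alert('TEST TEST')</something:script>")

# Hypothetical error template (assumption): stands in for any XML response
# that echoes the rejected parameter back to the client.
TEMPLATE = ('<?xml version="1.0"?><ExceptionReport><ExceptionText>'
            "Unknown format: {}</ExceptionText></ExceptionReport>")


def render_unsafe(fmt):
    """Reflect the parameter verbatim: markup in it becomes part of the document."""
    return TEMPLATE.format(fmt)


def render_escaped(fmt):
    """Escape &, < and > so the value can only ever be character data."""
    return TEMPLATE.format(escape(fmt))


def xhtml_elements(document):
    """Local names of all elements bound to the XHTML namespace, whatever the prefix."""
    marker = "{" + XHTML_NS + "}"
    root = ET.fromstring(document)
    return [el.tag[len(marker):] for el in root.iter() if el.tag.startswith(marker)]


def reflected_text(document):
    """Text content of the element that echoes the parameter."""
    return ET.fromstring(document).findtext("ExceptionText")


if __name__ == "__main__":
    # A browser rendering the XML treats any XHTML-namespace <script> as executable,
    # so a non-empty list here is the condition the report describes.
    print("unsafe :", xhtml_elements(render_unsafe(SAMPLE)))
    print("escaped:", xhtml_elements(render_escaped(SAMPLE)))
    print("escaped text:", reflected_text(render_escaped(SAMPLE)))
```

The same check on `xhtml_elements` can serve as a regression test for any endpoint that echoes request parameters into XML responses.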