mesos-issues mailing list archives

From "Jacob Janco (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-6947) Fix pailer XSS vulnerability
Date Thu, 19 Jan 2017 01:49:26 GMT

     [ https://issues.apache.org/jira/browse/MESOS-6947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacob Janco updated MESOS-6947:
-------------------------------
    Shepherd: haosdent

> Fix pailer XSS vulnerability
> ----------------------------
>
>                 Key: MESOS-6947
>                 URL: https://issues.apache.org/jira/browse/MESOS-6947
>             Project: Mesos
>          Issue Type: Improvement
>          Components: webui
>            Reporter: Jacob Janco
>            Assignee: Jacob Janco
>
> There exists an XSS vulnerability in pailer.html.
> `window.name` can be set to an external domain serving js which is wrapped in `<script>` tags by the `getJSON` async call. A detailed example will follow acceptance of the patch.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
