GrailsFlow

Cross-Site-Scripting Problems

Details

  • Type: Bug
  • Status: Open
  • Priority: Minor
  • Resolution: Unresolved
  • Affects Version/s: None
  • Fix Version/s: 1.2
  • Component/s: None
  • Labels:
    None
  • Request Controller:
    Albers, Stephan

Description

There are some places in Grailsflow which are insecure because of Cross-Site-Scripting problems.

Use case:
Go into "Edit Process Types" -> click "Add", set "<iframe src=http://www.jcatalog.de></iframe>" as the Description and "testpc" as the Process ID, and save. Click add process variable, set Name to 'testvar' and value to "<iframe src=http://www.jcatalog.de></iframe>", and click save. Return to Process Details and see the frame in the list of process variables. Return to the list of processes; the frame will be there too.

Similar problems could exist on other Grailsflow pages.
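
A regression check for the behaviour reported above, added here as an illustration; it is not part of the original issue or of Grailsflow's code. The rendering function, field labels and data layout are assumptions standing in for the real pages, and the stored value is the markup from the report.

```python
import html
import re

# Constructed sample data mirroring the report: one process type and one
# variable whose free-text fields hold the markup from the reproduction steps.
MARKUP = "<iframe src=http://www.jcatalog.de></iframe>"
PROCESS = {"id": "testpc", "description": MARKUP,
           "variables": [{"name": "testvar", "value": MARKUP}]}

def render_variables(process, encode):
    """Hypothetical stand-in for the process-details page.

    encode=False writes stored text into the page as-is (the reported
    behaviour); encode=True HTML-encodes every stored value on output.
    """
    esc = html.escape if encode else (lambda s: s)
    rows = "".join(
        "<tr><td>%s</td><td>%s</td></tr>" % (esc(v["name"]), esc(v["value"]))
        for v in process["variables"])
    return "<h2>%s</h2><p>%s</p><table>%s</table>" % (
        esc(process["id"]), esc(process["description"]), rows)

def raw_fields(page, process):
    """Return labels of stored fields whose markup reaches the page unencoded."""
    fields = {"description": process["description"]}
    for v in process["variables"]:
        fields["variable:" + v["name"]] = v["value"]
    found = []
    for label, value in fields.items():
        # Only values containing HTML metacharacters can tell raw output
        # apart from encoded output, so plain-text values are skipped.
        if re.search(r"[<>\"'&]", value) and value in page:
            found.append(label)
    return sorted(found)

if __name__ == "__main__":
    print("unencoded page:", raw_fields(render_variables(PROCESS, False), PROCESS))
    print("encoded page:  ", raw_fields(render_variables(PROCESS, True), PROCESS))
```

Because `raw_fields` only inspects rendered HTML, the same check can be pointed at the output of other pages that display these stored fields.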

Activity

There are no comments yet on this issue.

Dates

  • Created:
    04/Feb/10 9:26 AM
  • Updated:
    12/Feb/10 11:18 AM