Bug 366581 - CVE-NONE jboss.com cross-site scripting in login screen
Summary: CVE-NONE jboss.com cross-site scripting in login screen
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: reported=20071025,impact=important,pu...
Keywords: Security
: 531705 531712 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-05 11:09 UTC by Mark J. Cox
Modified: 2016-03-04 11:36 UTC (History)
2 users (show)

Fixed In Version: production
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-08 10:41:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Mark J. Cox 2007-11-05 11:09:07 UTC
Johannes Fahrenkrug of Springenwerk Consulting reported a cross-site scripting
issue in the jboss.com site to a Red Hat associate at a conference.

This issue affects the loginscreen module.

Example:

https://www.jboss.com/index.html?op=loginscreen&module=user&url=%22%3E%3Ch1%3Eboo%3C/h1

Comment 1 Mark J. Cox 2007-11-05 11:10:03 UTC
Was fixed 20071102, but regressed during jboss.com outage over the weekend 

Comment 2 Mark J. Cox 2007-11-05 11:13:05 UTC
Red Hat would like to thank Johannes Fahrenkrug of Springenwerk Consulting for
reporting this issue.

Comment 3 Mark J. Cox 2007-11-08 10:41:57 UTC
Fixed again 20071107

Comment 4 Matthias Clasen 2009-10-31 04:56:02 UTC
*** Bug 531712 has been marked as a duplicate of this bug. ***

Comment 5 Matthias Clasen 2009-10-31 04:57:02 UTC
*** Bug 531705 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.