366581 – CVE-NONE jboss.com cross-site scripting in login screen

Bug 366581 - CVE-NONE jboss.com cross-site scripting in login screen

Summary: CVE-NONE jboss.com cross-site scripting in login screen

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	531705 531712 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-11-05 11:09 UTC by Mark J. Cox
Modified:	2019-09-29 12:22 UTC (History)
CC List:	2 users (show)
Fixed In Version:	production
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-08 10:41:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mark J. Cox 2007-11-05 11:09:07 UTC

Johannes Fahrenkrug of Springenwerk Consulting reported a cross-site scripting
issue in the jboss.com site to a Red Hat associate at a conference.

This issue affects the loginscreen module.

Example:

https://www.jboss.com/index.html?op=loginscreen&module=user&url=%22%3E%3Ch1%3Eboo%3C/h1

Comment 1 Mark J. Cox 2007-11-05 11:10:03 UTC

Was fixed 20071102, but regressed during jboss.com outage over the weekend

Comment 2 Mark J. Cox 2007-11-05 11:13:05 UTC

Red Hat would like to thank Johannes Fahrenkrug of Springenwerk Consulting for
reporting this issue.

Comment 3 Mark J. Cox 2007-11-08 10:41:57 UTC

Fixed again 20071107

Comment 4 Matthias Clasen 2009-10-31 04:56:02 UTC

*** Bug 531712 has been marked as a duplicate of this bug. ***

Comment 5 Matthias Clasen 2009-10-31 04:57:02 UTC

*** Bug 531705 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.