[JENKINS-11098] Ansicolor Plugin makes console output view vulnerable to XSS attacks - Jenkins Jira

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: plugin-proposals
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

The plugin has a problem with XSS code.

Just create a buildjob that executes the following shell command and have ansicolor enabled.
echo -e "\e[1;94m test<script>var xss = function()

{ alert('not good');}

; xss();</script>"
It needs the special char which seems to get filtered in Jira.

Assignee:: Unassigned

Reporter:: Karsten Elfenbein

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2011-09-23 14:15

Updated:: 2012-06-18 14:44

Resolved:: 2012-06-18 14:44