JENKINS-14309

HTML injection in username


      Description

      One of our developers set their username so this was in the config:

      <?xml version='1.0' encoding='UTF-8'?>
      <user>
      <fullName>First Last </a></td><td></td><td>1000000.0</td></tr><tr><td><a href="www.bbc.co.uk"></fullName>

      This could be used for evil JavaScript injection purposes as well as silly ones.

            Activity

            asuffiel Andrew Suffield added a comment -

            To clarify: this is when viewed on the leaderboard page

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: OHTAKE Tomohiro
            Path:
            src/main/resources/hudson/plugins/cigame/GameDescriptor/config.jelly
            src/main/resources/hudson/plugins/cigame/GameDescriptor/global.jelly
            src/main/resources/hudson/plugins/cigame/LeaderBoardAction/confirmResetScores.jelly
            src/main/resources/hudson/plugins/cigame/LeaderBoardAction/index.jelly
            src/main/resources/hudson/plugins/cigame/LeaderBoardAction/sidepanel.jelly
            src/main/resources/hudson/plugins/cigame/ScoreCardAction/index.jelly
            src/main/resources/hudson/plugins/cigame/ScoreCardAction/summary.jelly
            src/main/resources/hudson/plugins/cigame/UserScoreProperty/config.jelly
            http://jenkins-ci.org/commit/ci-game-plugin/9ef03da36524038322a7b9c14370a4c497e708f8
            Log:
            [FIXED JENKINS-14309] Prevent XSS
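
The fullName from the description rendered into a table row with and without HTML escaping, as an added example that is not the ci-game plugin's code. The row template, the `/user/x` link and all function names are assumptions, and the sample config is constructed from the value in the report (XML-escaped so it parses).

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample: the fullName from the report, XML-escaped so it parses.
USER_CONFIG = (
    "<user><fullName>First Last &lt;/a&gt;&lt;/td&gt;&lt;td&gt;&lt;/td&gt;"
    "&lt;td&gt;1000000.0&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;"
    "&lt;a href=\"www.bbc.co.uk\"&gt;</fullName></user>"
)


def full_name(config_xml):
    """Return the fullName stored in a user config document."""
    return ET.fromstring(config_xml).findtext("fullName", default="")


def row_unescaped(name, score):
    """Behaviour described in the report: the name is pasted in as markup."""
    # Hypothetical row template, not taken from the plugin's Jelly views.
    return ('<tr><td><a href="/user/x">' + name + "</a></td><td>"
            + str(score) + "</td></tr>")


def row_escaped(name, score):
    """Hardened form: the name is HTML-escaped, so it can only be text."""
    return row_unescaped(html.escape(name, quote=True), score)


def cells(row_html):
    """Count the table cells opened by this markup."""
    return len(re.findall(r"<td\b", row_html))


def suspicious(name):
    """Audit check: flag display names that contain angle brackets."""
    return bool(re.search(r"[<>]", name))


if __name__ == "__main__":
    name = full_name(USER_CONFIG)
    print("flagged by audit:", suspicious(name))
    print("cells, unescaped:", cells(row_unescaped(name, 12.0)))
    print("cells, escaped:  ", cells(row_escaped(name, 12.0)))
```
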


              People

              • Assignee:
                ohtake_tomohiro OHTAKE Tomohiro
                Reporter:
                asuffiel Andrew Suffield