      Description

      One of our developers set their username so this was in the config:

      <?xml version='1.0' encoding='UTF-8'?>
      <user>
      <fullName>First Last </a></td><td></td><td>1000000.0</td></tr><tr><td><a href="www.bbc.co.uk"></fullName>

      This could be used for evil JavaScript injection purposes as well as silly ones.
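The report above, reproduced as an added example (not code from the ci-game plugin or from the reporter): a hypothetical leaderboard row template is rendered with the reported fullName, once raw and once HTML-escaped, and the result is parsed to show what structure the name contributes. The template, the `dev1` user id and the score are assumptions; the commit's actual changes are not shown on this page, and `html.escape` stands in for output escaping in the view.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the fullName value quoted in the report.
FULL_NAME = ('First Last </a></td><td></td><td>1000000.0</td></tr>'
             '<tr><td><a href="www.bbc.co.uk">')

# Hypothetical row template standing in for the leaderboard view (not the plugin's Jelly).
ROW = '<tr><td><a href="/user/{uid}">{name}</a></td><td>{score}</td></tr>'


def render_row(uid, name, score, escape):
    """Render one leaderboard row, optionally HTML-escaping the display name."""
    shown = html.escape(name, quote=True) if escape else name
    return ROW.format(uid=html.escape(uid, quote=True), name=shown, score=score)


class RowAudit(HTMLParser):
    """Counts the structure a browser would build: rows, cells, link targets, text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows, self.cells = 0, 0
        self.links, self.text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows += 1
        elif tag == "td":
            self.cells += 1
        elif tag == "a":
            self.links.append(dict(attrs).get("href"))

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    """Return (rows, cells, link hrefs, visible text) for a rendered fragment."""
    parser = RowAudit()
    parser.feed(markup)
    parser.close()
    return parser.rows, parser.cells, parser.links, "".join(parser.text)


if __name__ == "__main__":
    for escape in (False, True):
        print("escaped" if escape else "raw", audit(render_row("dev1", FULL_NAME, 12.0, escape)))
```

Rendered raw, the one user becomes two rows with a forged score cell and an extra link; escaped, the same value is a single row whose visible text is the literal name.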

            Activity

            asuffiel Andrew Suffield created issue -
            asuffiel Andrew Suffield added a comment -

            To clarify: this is when viewed on the leaderboard page

            ohtake_tomohiro OHTAKE Tomohiro made changes -
            Field Original Value New Value
            Assignee redsolo [ redsolo ] OHTAKE Tomohiro [ ohtake_tomohiro ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: OHTAKE Tomohiro
            Path:
            src/main/resources/hudson/plugins/cigame/GameDescriptor/config.jelly
            src/main/resources/hudson/plugins/cigame/GameDescriptor/global.jelly
            src/main/resources/hudson/plugins/cigame/LeaderBoardAction/confirmResetScores.jelly
            src/main/resources/hudson/plugins/cigame/LeaderBoardAction/index.jelly
            src/main/resources/hudson/plugins/cigame/LeaderBoardAction/sidepanel.jelly
            src/main/resources/hudson/plugins/cigame/ScoreCardAction/index.jelly
            src/main/resources/hudson/plugins/cigame/ScoreCardAction/summary.jelly
            src/main/resources/hudson/plugins/cigame/UserScoreProperty/config.jelly
            http://jenkins-ci.org/commit/ci-game-plugin/9ef03da36524038322a7b9c14370a4c497e708f8
            Log:
            [FIXED JENKINS-14309] Prevent XSS

            scm_issue_link SCM/JIRA link daemon made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            ohtake_tomohiro OHTAKE Tomohiro made changes -
            Link This issue is related to JENKINS-5135 [ JENKINS-5135 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 144941 ] JNJira + In-Review [ 191263 ]

              People

              • Assignee:
                ohtake_tomohiro OHTAKE Tomohiro
                Reporter:
                asuffiel Andrew Suffield