Details

    • Similar Issues:

      Description

      One of our developers set their username so this was in the config:

      <?xml version='1.0' encoding='UTF-8'?>
      <user>
      <fullName>First Last </a></td><td></td><td>1000000.0</td></tr><tr><td><a href="www.bbc.co.uk"></fullName>

      This could be used for evil javascript injection purposes as well as silly ones.

        Attachments

          Issue Links

            Activity

            asuffiel Andrew Suffield created issue -
            ohtake_tomohiro OHTAKE Tomohiro made changes -
            Field Original Value New Value
            Assignee redsolo [ redsolo ] OHTAKE Tomohiro [ ohtake_tomohiro ]
            scm_issue_link SCM/JIRA link daemon made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            ohtake_tomohiro OHTAKE Tomohiro made changes -
            Link This issue is related to JENKINS-5135 [ JENKINS-5135 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 144941 ] JNJira + In-Review [ 191263 ]

              People

              • Assignee:
                ohtake_tomohiro OHTAKE Tomohiro
                Reporter:
                asuffiel Andrew Suffield
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: