ZK-2056: XSS Vulnerability in AuUploader

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Fix Version/s: 6.5.8, 7.0.5
    • Affects Version/s: 6.5.3
    • None
    • Security Level: Jean

      I don't know how this relates to ZK-1720 and ZK-1961, but in Release 6.5.3 it seems to be still an issue: One of our customers reported a possible security issue. He was able to inject JavaScript code in the SID and UUID parameters sent to the server during uploads. Both parameters seem to be sent back to the client in the Servlets.forward() call without being checked against JavaScript code.
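The report above describes a reflected XSS pattern: request parameters (SID and UUID) are copied into the response without validation or encoding. The following is an added illustration of the two defensive layers a fix needs, and is not ZK's code or the actual patch for this issue. The identifier character set, the parameter names and the response fragment are assumptions made for the example.

```java
import java.util.regex.Pattern;

/**
 * Added illustration (not ZK's code): defensive handling of identifier
 * parameters such as "sid" and "uuid" before they are echoed into an
 * upload response. The allowed character set below is an assumption for
 * this example, not ZK's actual identifier grammar.
 */
public final class ReflectedParamGuard {

    // Assumed allowlist: identifiers consist only of letters, digits and '_'.
    private static final Pattern ID_PATTERN = Pattern.compile("^[A-Za-z0-9_]{1,64}$");

    private ReflectedParamGuard() {}

    /** Allowlist check: rejects anything that is not a plain identifier. */
    public static boolean isSafeIdentifier(String value) {
        return value != null && ID_PATTERN.matcher(value).matches();
    }

    /** Minimal HTML entity encoding for text placed into an HTML body or attribute. */
    public static String escapeHtml(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Builds the fragment that would be written back to the client (assumed
     * shape). Invalid identifiers are rejected outright; valid ones are still
     * encoded so the output stays safe even if the allowlist is later relaxed.
     */
    public static String buildResponseFragment(String sid, String uuid) {
        if (!isSafeIdentifier(sid) || !isSafeIdentifier(uuid)) {
            throw new IllegalArgumentException("invalid upload identifier");
        }
        return "<div data-sid=\"" + escapeHtml(sid)
             + "\" data-uuid=\"" + escapeHtml(uuid) + "\">upload complete</div>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demonstration.
        String goodSid = "zk_123";
        String goodUuid = "abc_45";
        String badUuid = "\"><script>alert(1)</script>";

        System.out.println(buildResponseFragment(goodSid, goodUuid));
        System.out.println("hostile uuid passes allowlist? " + isSafeIdentifier(badUuid));
        System.out.println("encoded form if it were ever reflected: " + escapeHtml(badUuid));
        try {
            buildResponseFragment(goodSid, badUuid);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allowlist check belongs at the point where the parameters are read from the request, and the encoding at the point where they are written into the response; relying on only one of the two is what tends to leave a reflected-parameter bug like this one open.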

    • hanhsu
    • jkraushaar