ZK-2407

XSS Vulnerability in textbox.setValue()


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 6.5.6, 7.0.2
    • Fix Version/s: 7.0.3, 6.5.8
    • Component/s: None
    • Security Level: Jimmy
    • Labels:

      Description

      Problem Description

      One customer reported:

      After applying a composer with setValue("</script foo=bar>") the application breaks as described below. It is very important to support this case, as users may want to refresh the view with Ctrl-F5 (Command-R), and the values stored must be served from the session in this case.

      Steps to Reproduce

      1. use attached project zip file

      Actual Result

      Extra Information

      Please also fix it in 6.5.x.
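
The reported value is an HTML end tag for a script element, so it breaks any page that writes it unescaped into an inline script block. The added example below (not ZK code and not the fix shipped in 7.0.3/6.5.8) shows an encoder that keeps such a value inside its string literal. It assumes the value reaches the browser inside an inline `<script>` on a full page render, which the issue does not state; the class, method and variable names are hypothetical.

```java
// Added example, not ZK source code; class and method names are hypothetical.
public class InlineScriptEncoder {

    /** Encodes a value as a JavaScript string literal that is safe inside an inline script block. */
    static String toJsString(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16).append('"');
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':  out.append("\\\""); break;
                case '\\': out.append("\\\\"); break;
                case '\n': out.append("\\n"); break;
                case '\r': out.append("\\r"); break;
                case '\t': out.append("\\t"); break;
                // '<' stops end tags and comment openers, '>' stops comment closers,
                // '&' stops entity decoding in XHTML; U+2028/U+2029 end lines in older JS engines.
                case '<': case '>': case '&': case '\u2028': case '\u2029':
                    out.append(String.format("\\u%04x", (int) c)); break;
                default:
                    if (c < 0x20) out.append(String.format("\\u%04x", (int) c));
                    else out.append(c);
            }
        }
        return out.append('"').toString();
    }

    /** Insufficient form for comparison: escapes only quotes and backslashes. */
    static String quoteOnly(String value) {
        return '"' + value.replace("\\", "\\\\").replace("\"", "\\\"") + '"';
    }

    public static void main(String[] args) {
        String value = "</script foo=bar>"; // value from the report
        // The HTML parser closes the script element at the end tag inside the literal.
        System.out.println("<script>var v = " + quoteOnly(value) + ";</script>");
        // No '<' remains, so the element ends only at the real end tag.
        System.out.println("<script>var v = " + toJsString(value) + ";</script>");
    }
}
```

The escaped literal still evaluates to the original string in the browser, so the text box shows exactly what was stored in the session.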

              People

              Assignee: Jenkins
              Reporter: hawk