[Vtigercrm-commits] [Vtiger development] #8565: xss vulnerability in TagCloud
Vtiger development
vtiger-tickets at trac.vtiger.com
Thu Jun 4 04:46:23 GMT 2015
#8565: xss vulnerability in TagCloud
-----------------------+-----------------------
Reporter: uma | Owner: developer
Type: defect | Status: new
Priority: major | Milestone: 6.3.0
Component: vtigercrm | Version: 6.2.0
Severity: Medium | Keywords:
-----------------------+-----------------------
Goto Detail view of any record (example Leads record).
Left side of the page, you can see Tag Cloud block.
If you click on Tag Cloud. Then you can find input element in that block.
Enter the following script in that input element and click on Tag this
Record.
a<script>alert("b")</script>
Then an alert will appear as like in Screenshot.
--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8565>
Vtiger development <http://trac.vtiger.com/>
Vtiger CRM
More information about the vtigercrm-commits
mailing list