[asterisk-bugs] [JIRA] (ASTERISK-28970) Reflected XSS

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Tue Jun 30 06:12:25 CDT 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp closed ASTERISK-28970.
-------------------------------------

    Resolution: Suspended

JIRA is a product produced by Atlassian; we are a user of it and do not develop it. I would suggest checking with Atlassian to see if issues have been resolved there. For Asterisk we are currently running an old version of JIRA but plan on upgrading in the future.

> Reflected XSS
> -------------
>
>                 Key: ASTERISK-28970
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28970
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Documentation
>    Affects Versions: 16.9.0
>            Reporter: Yunus AYDIN
>
> Description
> I found REFLECTED XSS in asterisk.com. 
> Steps to reproduce
> Using any browser (except IE), go to
>  
> https://issues.asterisk.org/jira/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=fadeZoom&random=false
> You'll see an alert box with your cookie.
> I was able to confirm the XSS works in Firefox, Chrome and Opera, so the payload successfully bypasses the Chrome XSS filter since the reflection point is directly in JavaScript.
> Impact
> As you know, with a reflected XSS, a malicious user could trick a user into browsing to a URL which would trigger the XSS and steal the user's cookie, capture keyboard strokes, etc., and eventually take over a user's account.
> Thanks,
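The reflection pattern the report describes, as an added illustration that is not JIRA's or the Wallboard plugin's code: a query parameter concatenated straight into script source, beside a hardened rendering that coerces the value to the number it is expected to be and serialises any string values safely. The function names, the markup and the assumption that cyclePeriod is a millisecond count are mine; the parameter names and the payload come from the reported URL.

```javascript
// Added illustration (not JIRA's code): a query parameter reflected straight
// into a <script> block versus a hardened rendering of the same parameters.
// Markup, function names and the 30000 ms default are assumptions.
const DEFAULT_CYCLE_MS = 30000;

// Vulnerable pattern: the raw value is concatenated into JavaScript source,
// so any value that is valid JS executes. Browser XSS filters look for
// reflected HTML, not for JS reflected inside an existing script element.
function renderWallboardUnsafe(query) {
  return '<script>var cyclePeriod = ' + query.cyclePeriod + ';</script>';
}

// Hardened: a parameter that is supposed to be a number is parsed as one,
// and anything else falls back to the default instead of being reflected.
function parseCyclePeriod(raw, fallback = DEFAULT_CYCLE_MS) {
  if (typeof raw !== 'string' || !/^\d{1,9}$/.test(raw)) return fallback;
  const n = Number(raw);
  return n > 0 ? n : fallback;
}

// Hardened: values that must stay strings are emitted as a JSON string
// literal, with the sequences that can still terminate a script element
// or break a JS string (<, U+2028, U+2029) escaped as \u sequences.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderWallboardSafe(query) {
  const cycle = parseCyclePeriod(query.cyclePeriod);
  const fx = jsStringLiteral(query.transitionFx || 'none');
  return '<script>var cyclePeriod = ' + cycle +
         '; var transitionFx = ' + fx + ';</script>';
}

// Constructed input: the decoded query parameters from the reported URL.
const reportedQuery = {
  cyclePeriod: '(function(){alert(document.cookie);return 30000;})()',
  transitionFx: 'fadeZoom',
};
```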



--
This message was sent by Atlassian JIRA
(v6.2#6252)