[asterisk-bugs] [JIRA] (ASTERISK-30114) Real XSS on 8089?

Andrea Mason (JIRA) noreply at issues.asterisk.org
Fri Jun 17 05:36:49 CDT 2022


Andrea Mason created ASTERISK-30114:
---------------------------------------

             Summary: Real XSS on 8089?
                 Key: ASTERISK-30114
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30114
             Project: Asterisk
          Issue Type: Information Request
      Security Level: None
          Components: . I did not set the category correctly.
    Affects Versions: 13.38.1
            Reporter: Andrea Mason


Hi All,
I need to clarify a situation.
We were doing a PT in a private instance and I got a possible XSS on port 8089.
What I mean is if I make an HTTP request from a browser (ex. myasteriskdomain:8089/test/<script>alert%60xss%60</script>) I get a popup message.
My colleague thinks it's not a real XSS because, at that port, there is no frontend or APIs enabled on that port. I think that test is a proof of an XSS exposure.

Am I right?

Thanks



--
This message was sent by Atlassian JIRA
(v6.2#6252)
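
The question in the report can be checked from a captured response: does the decoded request path come back unescaped, and is the response served with an HTML content type? The following is an added example, not part of the original message and not Asterisk code; the function names, verdict strings and the three sample responses are constructed for illustration.

```javascript
// Added example (not Asterisk code); names and verdict strings are illustrative.
const HTML_SPECIAL = /[<>"'&]/;

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Classify how a response echoes the request path back to the browser.
function classifyReflection(requestPath, response) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (e) {
    decoded = requestPath; // malformed percent-encoding: compare the raw path
  }
  if (!HTML_SPECIAL.test(decoded)) return "no-markup-in-path";

  const body = response.body || "";
  if (!body.includes(decoded)) {
    return body.includes(escapeHtml(decoded)) ? "reflected-escaped" : "not-reflected";
  }
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(response.headers || {})) h[k.toLowerCase()] = String(v);
  const type = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const nosniff = (h["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";
  if (type === "text/html" || type === "application/xhtml+xml") return "reflected-unescaped-html";
  if (type === "" && !nosniff) return "reflected-unescaped-no-type"; // browser may sniff HTML
  return "reflected-unescaped-non-html";
}

// Path from the report; the three responses below are constructed samples.
const PATH = "/test/<script>alert%60xss%60</script>";
const SAMPLES = {
  raw: { headers: { "Content-Type": "text/html; charset=utf-8" },
         body: "<h1>Not Found</h1><p>/test/<script>alert`xss`</script></p>" },
  escaped: { headers: { "Content-Type": "text/html" },
             body: "<h1>Not Found</h1><p>/test/&lt;script&gt;alert`xss`&lt;/script&gt;</p>" },
  plain: { headers: { "content-type": "text/plain", "X-Content-Type-Options": "nosniff" },
           body: "Not found: /test/<script>alert`xss`</script>" },
};

function runSamples() {
  const out = {};
  for (const [name, resp] of Object.entries(SAMPLES)) out[name] = classifyReflection(PATH, resp);
  return out;
}
console.log(runSamples());
```

A `reflected-unescaped-html` verdict means the browser parses the echoed path as markup in the origin of that host and port, whatever else is or is not served there.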


