[asterisk-bugs] [JIRA] (ASTERISK-30114) Real XSS on 8089?
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Fri Jun 17 05:36:49 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team closed ASTERISK-30114.
------------------------------------
Resolution: Won't Fix
> Real XSS on 8089?
> -----------------
>
> Key: ASTERISK-30114
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30114
> Project: Asterisk
> Issue Type: Information Request
> Security Level: None
> Components: . I did not set the category correctly.
> Affects Versions: 13.38.1
> Reporter: Andrea Mason
>
> Hi All,
> I need to clearify a situation.
> We were doing in a private instance a PT and I got a possible XSS on port 8089.
> What I mean is if i make an httpo request from a browser (ex. myasteriskdomain:8089/test/<script>alert%60xss%60</script>) I got a popup message.
> My colleague think it's not a real XSS because, at that port, there is no frontent or apis enabled on that port, I think that test is a proof of an XSS exposure.
> Am I right?
> Thanks
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list