[asterisk-bugs] [JIRA] (ASTERISK-30114) Real XSS on 8089?
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Fri Jun 17 05:36:49 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=259514#comment-259514 ]
Asterisk Team commented on ASTERISK-30114:
------------------------------------------
Per the Asterisk versions page [1], the maintenance (bug fix) support for the Asterisk branch you are using has ended. For continued maintenance support please move to a supported branch of Asterisk. After testing with a supported branch, if you find this problem has not been resolved, please open a new issue against the latest version of that Asterisk branch.
Thanks!
[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
> Real XSS on 8089?
> -----------------
>
> Key: ASTERISK-30114
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30114
> Project: Asterisk
> Issue Type: Information Request
> Security Level: None
> Components: . I did not set the category correctly.
> Affects Versions: 13.38.1
> Reporter: Andrea Mason
>
> Hi All,
> I need to clearify a situation.
> We were doing in a private instance a PT and I got a possible XSS on port 8089.
> What I mean is if i make an httpo request from a browser (ex. myasteriskdomain:8089/test/<script>alert%60xss%60</script>) I got a popup message.
> My colleague think it's not a real XSS because, at that port, there is no frontent or apis enabled on that port, I think that test is a proof of an XSS exposure.
> Am I right?
> Thanks
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list