[asterisk-bugs] [JIRA] (ASTERISK-30114) Real XSS on 8089?

Asterisk Team (JIRA) noreply at issues.asterisk.org
Fri Jun 17 05:36:49 CDT 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-30114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=259515#comment-259515 ] 

Asterisk Team commented on ASTERISK-30114:
------------------------------------------

We appreciate the difficulties you are facing; however, information request type issues would be better served in a different forum.

The Asterisk community provides support over IRC, mailing lists, and forums as described at http://asterisk.org/community. The Asterisk issue tracker is used specifically to track issues concerning bugs and documentation errors.

If this issue is actually a bug please use the Bug issue type instead.

Please see the Asterisk Issue Guidelines [1] for instruction on the intended use of the Asterisk issue tracker.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

> Real XSS on 8089?
> -----------------
>
>                 Key: ASTERISK-30114
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30114
>             Project: Asterisk
>          Issue Type: Information Request
>      Security Level: None
>          Components: . I did not set the category correctly.
>    Affects Versions: 13.38.1
>            Reporter: Andrea Mason
>
> Hi All,
> I need to clarify a situation.
> We were doing a PT in a private instance and I got a possible XSS on port 8089.
> What I mean is if I make an HTTP request from a browser (ex. myasteriskdomain:8089/test/<script>alert%60xss%60</script>) I got a popup message.
> My colleague thinks it's not a real XSS because, at that port, there is no frontend or APIs enabled on that port; I think that test is a proof of an XSS exposure.
> Am I right?
> Thanks



--
This message was sent by Atlassian JIRA
(v6.2#6252)


