Bug 454560 - [Security] x site scripting vulnerability
Summary: [Security] x site scripting vulnerability
Status: RESOLVED WONTFIX
Alias: None
Product: Hudson
Classification: Technology
Component: Core
Version: 3.2.1
Hardware: PC Windows 7
Importance: P3 major
Target Milestone: ---
Assignee: Winston Prakash CLA
QA Contact: Geoff Waymark CLA
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2014-12-09 07:12 EST by Geoff Waymark CLA
Modified: 2019-05-14 14:19 EDT
Description Geoff Waymark CLA 2014-12-09 07:12:11 EST
The iconSize cookie is not validated and therefore could be used in an attack where a victim's browser allows Hudson cookies to be replaced.
Comment 1 Bob Foster CLA 2015-03-04 13:53:05 EST
I don't understand. How can a cookie cause an XSS vulnerability?
Comment 2 Wayne Beaton CLA 2019-05-14 14:19:46 EDT
The Eclipse Hudson project has been terminated and archived.