XSS issue located in ram infopop


pan tianming (4765644) | asked Nov 21 '12, 8:56 p.m.
We try the following URL in the RAM server:
https://RAMURL//cloud/enterprise/ram/infopop?contextId=sgen0101&default=Modify%3Ciframe+src%3Djavascript%3Aalert%28105486%29%3E

Then in the RAM 7202 server it will pop up a window with the value: 105486
In the RAM 7511 server it will not open a new window; instead it shows the following content:
Modify: Edit the description, categories, attached artifacts, or related assets for this asset. Depending on the current state of the asset and the edits that you make, when you modify an asset, you might change its state, move it to a different lifecycle, or trigger policies.

Please let me know if this means this XSS issue is fixed in 7511.

Accepted answer


Eric Bordeau (27632) | answered Nov 26 '12, 9:02 a.m.
JAZZ DEVELOPER
That is correct. This problem was fixed in 7.5.0.1. See defect Infopops contain an XSS vulnerability (39180).
pan tianming selected this answer as the correct answer
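
The check the question performs by hand can be scripted as a regression test. The following is an added example, not part of the original thread and not RAM's own code: it decodes the `default` parameter from the question's URL and classifies a response body as reflecting it raw, HTML-encoded, or not at all. The two `render_*` handlers and the sample bodies are hypothetical and constructed for illustration; how RAM actually renders or fixed the infopop is not stated on this page.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Test URL from the question; RAMURL is the poster's placeholder host.
TEST_URL = (
    "https://RAMURL//cloud/enterprise/ram/infopop?contextId=sgen0101"
    "&default=Modify%3Ciframe+src%3Djavascript%3Aalert%28105486%29%3E"
)


def injected_value(url, param="default"):
    """Return the URL-decoded value of the query parameter under test."""
    return parse_qs(urlsplit(url).query)[param][0]


def render_unencoded(title):
    # Hypothetical handler: writes the parameter into HTML as-is.
    return "<div class='infopop'><b>" + title + "</b></div>"


def render_encoded(title):
    # Hypothetical handler: HTML-escapes the parameter before writing it.
    return "<div class='infopop'><b>" + html.escape(title, quote=True) + "</b></div>"


def classify_reflection(body, value):
    """Report how a response body reflects the decoded parameter value.

    'raw'     : markup arrives unencoded, so a browser parses the tag
    'encoded' : only the HTML-escaped form is present (shown as text)
    'absent'  : the value is not reflected at all
    """
    if value in body:
        return "raw"
    if html.escape(value, quote=True) in body:
        return "encoded"
    return "absent"


if __name__ == "__main__":
    value = injected_value(TEST_URL)
    # Constructed response bodies, not captured from a RAM server.
    samples = {
        "unencoded handler": render_unencoded(value),
        "encoded handler": render_encoded(value),
        "text reported for 7511": "Modify: Edit the description, categories, "
                                  "attached artifacts, or related assets for this asset.",
    }
    for name, body in samples.items():
        print(f"{name}: {classify_reflection(body, value)}")
```

Only a `raw` result indicates the parameter reaches the page as markup; `encoded` and `absent` both mean the browser never parses the injected tag.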
