This issue is blocking the next release
Access to this issue is restricted, which means only users with access to internal issues can see this issue.
This issue has been closed with status "Confirmed" and resolution "Not determined".
Description
The HTML parameters associated with the create, modify, and delete item functions are not properly validated and can be exploited to carry out a cross-site request forgery (XSRF) attack. As a result, an attacker can send a request to report a “Bug”, “Improvement Request”, “Task” or “Feature Request” that embeds malicious code, which will be stored in the database, and can attach executable files or deliver XSS via files.
How to reproduce
Important details
User pain
- Type of bug: Not triaged
- Likelihood: Not triaged
- Effect: Not triaged
Affected by this issue: 0
Times and dates
- Estimated time: No time estimated
- Time spent: No time spent