| Category: | Patch |
Priority: | High |
Status: | New |
| Project: | Severity: | Major |
Resolution: | Open |
|
| Component: | Reproducibility: | Not Attempted |
Assigned to: |
When creating a new dashboard, it is possible to include an external webpage. If this source contains javascript then it is executed.
URL : jasperserver/dashboard/designer.html
With this kind of dashboard, if shared, hackers can, for example, create fake authentication forms to steal logins and passwords.
| Attachment | Size |
|---|---|
 storedxss.png | 90.33 KB |
v6.3.0
JasperReports Server
