#4503 (ok 4.0.10.2) Self-XSSes in monitor

4.0.10
fixed
None
1
2014-08-17
2014-08-06
No

Steps: Monitor -> settings -> add chart -> Chose status variables from radio buttons -> type variable name as '' -> Chose append unit to data values and type '' -> Click 'Add this series'.

Affected versions: 4.0.x, 4.1.x, 4.2.x

Problematic line: server_status_monitor.js L905 & L911 (in QA_4_2) "str += serie.unit ? (', ' + PMA_messages.strUnit + ': ' + serie.unit) : '';" and "$('#seriesPreview').append('- ' + newSeries.label + str + '
');"

Discussion

  • Marc Delisle

    Marc Delisle - 2014-08-17
    • private: Yes --> No
     
  • Marc Delisle

    Marc Delisle - 2014-08-17
    • summary: Self-XSSes in monitor --> (ok 4.0.10.2) Self-XSSes in monitor
    • status: open --> fixed
    • assigned_to: Madhura Jayaratne
    • Priority: 5 --> 1
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks