XSS in security audit viewer

vincent7 · November 26, 2012, 2:36pm

Hi, I’d like to report a bug. There’s a XSS in openfire 3.7

When you create a new server property by admin console with XSS like "alert(‘Hello’);, there is no problem but when you go to the section security Audit Viewer, the xss start.


Thanks in advance

Vince

wroot · November 27, 2012, 3:11pm

Thanks for the report. I have filed this as OF-595. Maybe someone will look at this at some point.

wroot · May 4, 2013, 9:03am

Fixed for 3.8.2.