Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
I
ISPConfig 3
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 492
    • Issues 492
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 32
    • Merge Requests 32
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISPConfig
  • ISPConfig 3
  • Issues
  • #4893

Closed
Open
Opened Dec 28, 2017 by Till Brehm@tbrehmOwner

Stored XSS issue in email name field

There is a stored XSS problem in the email name field in ISPConfig 3 which allows an attacker to inject JS code into the database that gets displayed unfiltered in the ISPConfig dashboard of the client himself, the reseller that this client belongs to and the admin.

Thank you very much to Fábián Patrik for reporting this issue.

Assignee
Assign to
3.1.10
Milestone
3.1.10
Assign milestone
Time tracking
None
Due date
None
Reference: ispconfig/ispconfig3#4893