  1. QA Framework
  2. RATEST-168

Automate Patched the XSS vulnerability in roles field of user list

    Details

    • Complexity:
      Medium

      Description

      This is an initial ticket for our possible involvement in tracking XSS vulnerabilities. Basically, the idea is to make sure this can be automated, following the procedures being taken by the security team.
      This is based on https://issues.openmrs.org/browse/RA-1865

      The idea behind this is that we will leverage security XSS vulnerability issues so that they can be automated; however, this is still in the pipeline, and we are still looking into how this will help security issues to be automated.

      Steps that need to be automated to reproduce this:

      1. Launch the OpenMRS application.
      2. Login with username "Admin" and password "Admin123" with location as Inpatient Ward.
      3. Select “System Administration”
      4. Select “Advanced Administration”
      5. Select “Manage Roles”
      6. Select “Add Role”
      7. In the “Role” title input field, enter <script>alert(1);</script>
      8. Click "Save Role"
      9. Navigate to the "Manage Users" tab
      10. Enter "admin" in the "Find User on Name" search field and click "Search".
      11. Click on "admin" under "System Id" in the search results table to edit the admin user.
      12. Under Roles, select the check mark next to <script>alert(1);</script>
      13. Click "Save User"
      14. Repeat step 10

      cc Isaac Sears Kaweesi Joseph Kakumirizi Daud Christine Gichuki
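
      One way the automated test could decide pass or fail after the final step, as an added example that is not part of the ticket or of the OpenMRS QA framework: it classifies how the role title shows up in the rendered search-results HTML. The class and function names and the sample HTML fragments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

PAYLOAD = "<script>alert(1);</script>"  # role title entered in step 7

class RenderAudit(HTMLParser):
    """Separates text inside real <script> elements from ordinary page text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.script_bodies, self.page_text = [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.script_bodies.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_bodies[-1] += data
        else:
            self.page_text.append(data)

def classify_role_rendering(page_html, payload=PAYLOAD):
    """Return 'script', 'escaped' or 'absent' for the payload in page_html."""
    audit = RenderAudit()
    audit.feed(page_html)
    audit.close()
    # A script element whose body comes from the payload means it became markup.
    if any(b.strip() and b.strip() in payload for b in audit.script_bodies):
        return "script"
    # Entity-encoded output decodes back to the literal payload as plain text.
    if payload in "".join(audit.page_text):
        return "escaped"
    return "absent"  # role not shown: the check is inconclusive, not a pass

# Constructed search-result fragments (not OpenMRS's real markup).
ROW = '<script>var page = "users";</script><table><tr><td>admin</td><td>%s</td></tr></table>'
UNPATCHED = ROW % PAYLOAD
PATCHED = ROW % "&lt;script&gt;alert(1);&lt;/script&gt;"
NO_ROLE = ROW % "Provider"

if __name__ == "__main__":
    for name, html in [("unpatched", UNPATCHED), ("patched", PATCHED), ("no role", NO_ROLE)]:
        print(name, "->", classify_role_rendering(html))
```

      A regression test for the patched build should require "escaped"; "absent" means the setup steps did not attach the role to the user, so the run proves nothing either way.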

              People

              Assignee: Unassigned
              Reporter: Sharif Magembe