[TRUNK-3940] Multiple Stored XSS via Concept Name - OpenMRS Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Could
Resolution: Fixed
Affects Version/s: OpenMRS 1.9.3
Fix Version/s: Platform 1.11.0
Component/s: None
Labels:

Complexity:
Undetermined
Sprint:
OpenMRS Platform 1.11 Sprint 1
Development:

Under Review4 builds successfulDeployed to Sourceforge Mirror

Description

Security
patientDashboard.form
(Graphs tab can display XSS'd Concept Name (search Find Concepts))
dictionary/concept.form (viewing XSS'd Concept Name)

Gliffy Diagrams

Attachments

Issue Links

caused

HTML-569 HTML character codes are displayed in new HTML form

Closed

Activity

People

Assignee:: Wyclif Luyima

Reporter:: Andrea Patterson

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2013-03-21 10:55:45 GMT

Updated:: 2014-11-07 09:28:33 GMT

Resolved:: 2014-11-07 09:28:33 GMT

Time Tracking

Estimated:

Remaining:

1h 30m

Logged:

2h 30m