Latex Plugin-Cross-site Scripting Error

2009-03-19T16:15:46
ID ATLASSIAN:CONFSERVER-14949
Type atlassian
Reporter jwitcraft
Modified 2018-10-11T08:51:31

Description

Our security group scanned the plugin below and found the following issue for the Latex Plugin:

Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records or gain access to other Single Sign On applications and perform transactions as that user. Refer to the url:

        https://wikistg.seagate.com/confluence/display/IT/LX01+ESec+Page