
XSS through "Adjust fields for things table"

Basic information

Project name: Eclipse Ditto

Project id: https://eclipse.dev/ditto/ / https://github.com/eclipse-ditto/ditto

What are the affected versions?

Latest (3.5.5) and probably earlier versions as well.

Details of the issue

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). On the URL http://localhost:8080/ui/?primaryEnvironmentName=ditto_sandbox, JavaScript code can be executed through the UI's "Adjust fields for things table" feature.
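As an added illustration of the weakness class (not Eclipse Ditto's code), the following shows a column-header renderer for a things table that concatenates user-entered field labels into markup, beside the hardened form that escapes them first; the field list, its labels and the function names are constructed assumptions.

```javascript
// Added example (not Eclipse Ditto's code): rendering user-supplied column
// labels for a "things table" without letting them become markup.
// The field list and its labels below are constructed sample input.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape every character that can open a tag or attribute in HTML text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (CWE-79): the label is concatenated straight into
// markup, so a label containing a tag is parsed as HTML by the browser.
function renderHeaderUnsafe(fields) {
  return '<tr>' + fields.map((f) => `<th>${f.label}</th>`).join('') + '</tr>';
}

// Hardened pattern: labels are escaped before they reach the HTML string
// (in a live DOM, setting th.textContent = f.label achieves the same).
function renderHeaderSafe(fields) {
  return '<tr>' + fields.map((f) => `<th>${escapeHtml(f.label)}</th>`).join('') + '</tr>';
}

// Constructed sample: one ordinary field plus one label carrying markup.
const SAMPLE_FIELDS = [
  { path: 'thingId', label: 'Thing ID' },
  { path: 'attributes/location', label: '<script>alert(1)</script>' },
];

console.log(renderHeaderUnsafe(SAMPLE_FIELDS));
console.log(renderHeaderSafe(SAMPLE_FIELDS));
```

The unsafe output contains a live `<script>` element, while the safe output renders the same label as visible text.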

Steps to reproduce:

Edited by Manuel Sommer