Is RH-SSO vulnerable to JavaScript XSS injection in the user registration form?
Issue
- Is RH-SSO vulnerable to JavaScript XSS injection in the user registration form?
Environment
- Red Hat Single Sign-On (RH-SSO) 7
- User Registration (using User registration form or via REST API)
- Injecting malicious XSS code in the username field, for example: "username": "\\\"'></script></title></textarea>\"'></xss/*-*/style=xss:e/**/xpression(try{a=firsttime}catch(e){firsttime=1;alert(737)})>"