
Bug 515843

Summary: XSS in 'Job title' in profile
Product: Community Reporter: Eclipse Webmaster <webmaster>
Component: Website Assignee: phoenix.ui <phoenix.ui-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: P3 CC: chris.guindon
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:

Description Eclipse Webmaster CLA 2017-04-26 09:31:13 EDT
As reported on the security list, it seems there is an XSS vulnerability in the 'job title' entry box that triggers when you view someone's profile.
Comment 1 Christopher Guindon CLA 2017-04-26 10:44:23 EDT
I believe other fields are vulnerable to this. This is an issue with the Drupal Solstice theme and should be fixed immediately.
Comment 2 Christopher Guindon CLA 2017-04-26 11:45:31 EDT
I would also like to add that the organization field is also vulnerable to this.
Comment 3 Christopher Guindon CLA 2017-05-01 10:20:20 EDT
The reported vulnerability and a few others that the webdev team found while doing an audit have been fixed.