[cisco-voip] Bug Search Code Injection

Anthony Holloway avholloway+cisco-voip at gmail.com
Wed Aug 28 10:42:11 EDT 2019


Here is the response I got back after Cisco looked into my report:

*"And as CDETS is not accessible to external users no malicious code can be
entered and internal users will not enter any malicious code."*


On Thu, Aug 22, 2019 at 10:02 AM Anthony Holloway <
avholloway+cisco-voip at gmail.com> wrote:

> FWIW I submitted feedback via the website and have already been contacted
> by someone on the Bug Search Tool team stating they're looking into it.
>
> [image: image.png]
>
> On Tue, Aug 20, 2019 at 9:35 AM Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
>> Looks like I stumbled across some code injection on the following defect
>> page:
>>
>> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq27976
>>
>> It's innocent enough, but concerning that it's even possible.
>>
>> [image: image.png]
>>
>