You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Julian Sedding (JIRA)" <ji...@apache.org> on 2013/07/19 12:00:53 UTC

[jira] [Commented] (SLING-2974) XSS vulnerability in AbstractAuthenticationFormServlet

    [ https://issues.apache.org/jira/browse/SLING-2974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13713511#comment-13713511 ] 

Julian Sedding commented on SLING-2974:
---------------------------------------

Thanks Carsten!
                
> XSS vulnerability in AbstractAuthenticationFormServlet
> ------------------------------------------------------
>
>                 Key: SLING-2974
>                 URL: https://issues.apache.org/jira/browse/SLING-2974
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.1.2
>            Reporter: Julian Sedding
>            Assignee: Carsten Ziegeler
>             Fix For: Auth Core 1.1.4
>
>
> The AbstractAuthenticationFormServlet replaces placeholders in an HTML page with user-provided input without taking care of proper escaping of the input. Hence it is possible to construct an XSS-attack exploiting this servlet.
> This is made worse by the fact that this servlet doesn't provide an obvious way to disable it. Setting the sling.servlet.path="-" using content based configuration did the trick in my case, however.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira