Posted to dev@myfaces.apache.org by "Matthias Weßendorf (JIRA)" <de...@myfaces.apache.org> on 2010/10/29 15:52:21 UTC
[jira] Resolved: (TRINIDAD-1798) XSS attack while launching Pop up
[ https://issues.apache.org/jira/browse/TRINIDAD-1798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthias Weßendorf resolved TRINIDAD-1798.
------------------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0.4-core, 1.2.15-core
Assignee: Matthias Weßendorf
> XSS attack while launching Pop up
> ---------------------------------
>
> Key: TRINIDAD-1798
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1798
> Project: MyFaces Trinidad
> Issue Type: Bug
> Affects Versions: 1.2.9-core
> Reporter: Virginie reverse
> Assignee: Matthias Weßendorf
> Priority: Critical
> Fix For: 1.2.15-core , 2.0.0.4-core
>
>
> hello,
> I am using Trinidad 1.2.9, JSF 1.2 and Tomcat 5.5.26.
> I am launching a pop-up with this command:
> <tr:commandLink id="idAddCurrencyDialog" text="#{msg.updateAttributes_add_currency}" action="dialog:addModifyAttribute" useWindow="true" partialSubmit="true" launchListener="#{updateAttributesController.launchAddCurrencyDialog}" returnListener="#{updateAttributesController.returnFromDialogAttribute}" windowHeight="500" windowWidth="500"/>
> Here is the command generated:
> https://xxx/yyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx&loc=en&_minWidth=500&_minHeight=500&_rtrnId=1
> The problem is that it allows a cross-site scripting attack; you can insert JavaScript in the:
> _minWidth, _minHeight or _rtrnId
> For example:
> https://xxx/yyyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx&loc=en&_minWidth=500&_minHeight=500});alert(document.cookie);//&_rtrnId=1
> I tried to upgrade to 1.2.13, but there was still the problem.
> Do you know a workaround, or is it possible to fix this security breach?
> thxs
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
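The injection the reporter describes, modelled as an added example in Node.js. This is not Trinidad's code and not the fix that shipped in 1.2.15/2.0.0.4: the dialog-launch page is assumed to copy `_minWidth`, `_minHeight` and `_rtrnId` from the query string into a script that opens the pop-up, and `TrPopup.launch` is a hypothetical stand-in for whatever client function the real page called. The two URLs are the ones quoted in the report; the payload works because `});` closes the options object and the call, and `//` comments out the rest of the emitted line. The hardened builder allow-lists the three values as short digit strings (they are only ever integers in the report) and serialises them with `JSON.stringify`, so no client-controlled text is spliced into code.

```javascript
// Added example, not Trinidad's code. Models the TRINIDAD-1798 report:
// query parameters written verbatim into the pop-up launch script.
// "TrPopup.launch" is a hypothetical stand-in for the real client call.

// Constructed inputs: the legitimate URL and the reporter's payload.
const CLEAN_URL =
  "https://xxx/yyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred" +
  "&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx" +
  "&loc=en&_minWidth=500&_minHeight=500&_rtrnId=1";
const ATTACK_URL =
  "https://xxx/yyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred" +
  "&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx" +
  "&loc=en&_minWidth=500&_minHeight=500});alert(document.cookie);//&_rtrnId=1";

function queryParams(url) {
  return new URL(url).searchParams;
}

// Vulnerable: raw string concatenation into JavaScript source. Whatever the
// client puts in the parameter becomes code in the page's own origin.
function buildLaunchScriptVulnerable(params) {
  return "TrPopup.launch({minWidth:" + params.get("_minWidth") +
         ", minHeight:" + params.get("_minHeight") +
         ", returnId:'" + params.get("_rtrnId") + "'});";
}

// Hardened: these values are only ever integers, so allow-list them as
// short digit strings before converting. Anything else is rejected.
function parseInteger(name, raw) {
  if (raw === null || !/^[0-9]{1,9}$/.test(raw)) {
    throw new RangeError("rejected " + name + ": " + JSON.stringify(raw));
  }
  return Number(raw);
}

// The options object is built from validated numbers and emitted via
// JSON.stringify, so the client never controls the script text itself.
function buildLaunchScriptHardened(params) {
  const options = {
    minWidth: parseInteger("_minWidth", params.get("_minWidth")),
    minHeight: parseInteger("_minHeight", params.get("_minHeight")),
    returnId: parseInteger("_rtrnId", params.get("_rtrnId")),
  };
  return "TrPopup.launch(" + JSON.stringify(options) + ");";
}

// Quick check for a URL: would the hardened builder accept it?
function acceptsDialogUrl(url) {
  try {
    buildLaunchScriptHardened(queryParams(url));
    return true;
  } catch (e) {
    if (e instanceof RangeError) return false;
    throw e;
  }
}

// Demonstration: the payload survives concatenation intact, and the
// hardened builder refuses the same URL.
console.log(buildLaunchScriptVulnerable(queryParams(ATTACK_URL)));
console.log(buildLaunchScriptHardened(queryParams(CLEAN_URL)));
console.log(acceptsDialogUrl(CLEAN_URL), acceptsDialogUrl(ATTACK_URL));
```

The allow-list is what does the work here: JSON encoding alone would stop the `});` breakout from the object literal, but if the script is emitted inside an HTML `<script>` block, a value containing `</script>` would still end the block, so restricting the parameters to the integers they are meant to be is the safer check. Upgrading to one of the fix versions named above is the actual remedy; this example only illustrates the class of bug.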