Posted to dev@activemq.apache.org by "Romain Wartel (JIRA)" <ji...@apache.org> on 2010/04/07 14:15:15 UTC

[jira] Commented: (AMQ-2613) Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]

    [ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58696#action_58696 ] 

Romain Wartel commented on AMQ-2613:
------------------------------------

Joe is correct.

Also, for the permanent XSS, "correlation ID" is not the only vulnerable variable. "Reply To", "Type", etc. are vulnerable.

It is important to sanitise user input in general, not just for the variables that are being reported here.

> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
>                 Key: AMQ-2613
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2613
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.3.0
>         Environment: Linux environment.
>            Reporter: Rajat Swarup
>            Assignee: Dejan Bosanac
>            Priority: Critical
>             Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue that has a malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684

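The point made in the comment above, that every user-supplied field needs handling and not only the reported ones, can be met by encoding at the output layer. This is an added example, not ActiveMQ's code or the actual fix; the class name, method names and the allow-list pattern are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ConsoleFieldEncoding {
    // Assumed allow-list policy, not ActiveMQ's real naming rule. Legitimate names may
    // need other characters, so output encoding below is required either way.
    private static final Pattern SAFE_DESTINATION = Pattern.compile("[A-Za-z0-9._-]{1,128}");

    /** Input check applied before a destination is created. */
    static boolean isAcceptableDestination(String name) {
        return name != null && SAFE_DESTINATION.matcher(name).matches();
    }

    /** Output encoding for HTML element content and quoted attribute values. */
    static String escapeHtml(String value) {
        if (value == null) return "";
        // '&' is replaced first so the entities produced afterwards are not re-encoded.
        return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    .replace("\"", "&quot;").replace("'", "&#39;");
    }

    /** Renders every field through the encoder, so no field relies on having been reported. */
    static String renderRow(Map<String, String> fields) {
        StringBuilder row = new StringBuilder("<tr>");
        for (Map.Entry<String, String> f : fields.entrySet()) {
            row.append("<td title=\"").append(escapeHtml(f.getKey())).append("\">")
               .append(escapeHtml(f.getValue())).append("</td>");
        }
        return row.append("</tr>").toString();
    }

    public static void main(String[] args) {
        // JMSDestination value from the request quoted in the report, URL-decoded (Java 10+ overload).
        String value = URLDecoder.decode(
            "%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E", StandardCharsets.UTF_8);
        System.out.println("accepted as destination name: " + isAcceptableDestination(value));
        // Constructed sample: the same value placed in each field named in the thread.
        Map<String, String> fields = new LinkedHashMap<>();
        for (String field : new String[] {"JMSDestination", "Correlation ID", "Reply To", "Type"}) {
            fields.put(field, value);
        }
        System.out.println(renderRow(fields));
    }
}
```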