You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Jukka Zitting (JIRA)" <ji...@apache.org> on 2009/01/08 16:22:59 UTC

[jira] Resolved: (JCR-1925) Cross site scripting issues in webapp

     [ https://issues.apache.org/jira/browse/JCR-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved JCR-1925.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 1.5.1
         Assignee: Jukka Zitting

Fixed in revision 732715. Scheduling for 1.5.1.

> Cross site scripting issues in webapp
> -------------------------------------
>
>                 Key: JCR-1925
>                 URL: https://issues.apache.org/jira/browse/JCR-1925
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-webapp
>    Affects Versions: 1.5.0
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>             Fix For: 1.5.1
>
>
> Some of the jackrabbit-webapp forms don't properly escape user input when displaying it in the resulting HTML page. This leads to potential cross site scripting issues. For example:
>     search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
>     swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.