You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Jukka Zitting (JIRA)" <ji...@apache.org> on 2009/01/08 16:22:59 UTC
[jira] Resolved: (JCR-1925) Cross site scripting issues in webapp
[ https://issues.apache.org/jira/browse/JCR-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jukka Zitting resolved JCR-1925.
--------------------------------
Resolution: Fixed
Fix Version/s: 1.5.1
Assignee: Jukka Zitting
Fixed in revision 732715. Scheduling for 1.5.1.
> Cross site scripting issues in webapp
> -------------------------------------
>
> Key: JCR-1925
> URL: https://issues.apache.org/jira/browse/JCR-1925
> Project: Jackrabbit
> Issue Type: Bug
> Components: jackrabbit-webapp
> Affects Versions: 1.5.0
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Fix For: 1.5.1
>
>
> Some of the jackrabbit-webapp forms don't properly escape user input when displaying it in the resulting HTML page. This leads to potential cross site scripting issues. For example:
> search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
> swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.