Posted to dev@sling.apache.org by "Dan Klco (Jira)" <ji...@apache.org> on 2022/11/02 11:57:00 UTC
[jira] [Closed] (SLING-11622) Unexpected input may cause xss risk in Taxonomy
[ https://issues.apache.org/jira/browse/SLING-11622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Klco closed SLING-11622.
----------------------------
> Unexpected input may cause xss risk in Taxonomy
> -----------------------------------------------
>
> Key: SLING-11622
> URL: https://issues.apache.org/jira/browse/SLING-11622
> Project: Sling
> Issue Type: Bug
> Components: App CMS
> Affects Versions: App CMS 1.1.0
> Reporter: QSec-Team
> Assignee: Dan Klco
> Priority: Major
> Fix For: App CMS 1.1.2
>
> Attachments: image-2022-10-18-16-09-21-603.png, image-2022-10-18-16-09-45-520.png
>
>
> When we use the sling-cms demo, we find that input in [+taxonomy item] may cause the XSS vulnerability.
> Something like, e.g.:
> {code:java}
> // code placeholder
> "><svg onload=alert('xss')></svg>
> {code}
> !image-2022-10-18-16-09-21-603.png!
>
> !image-2022-10-18-16-09-45-520.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
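Added example, not code from the issue or from the Sling App CMS project: the payload quoted in the report begins with `">`, which is the classic shape for breaking out of a double-quoted HTML attribute, so the model below assumes (an assumption, since the report does not show the template) that the taxonomy item's title is reflected into an attribute value. It renders the reporter's payload through an unescaped template and through the same template with attribute-context escaping, then parses both results the way a browser would to show which one actually yields a new `<svg>` element carrying an `onload` handler.

```python
import html
from html.parser import HTMLParser

# Payload as quoted in SLING-11622 (the reporter's proof-of-concept string).
PAYLOAD = "\"><svg onload=alert('xss')></svg>"


def render_unsafe(title):
    """Model of an attribute-context reflection with no output encoding.

    Assumed for illustration only: the taxonomy item's title is concatenated
    into a double-quoted HTML attribute. The real Sling CMS template is not
    shown here; the '">' prefix of the reporter's payload is what points at
    this context.
    """
    return '<input type="text" name="title" value="' + title + '">'


def render_safe(title):
    """Same template, with the value escaped for an HTML attribute context.

    html.escape(quote=True) turns & < > " and ' into entities, so the value
    can neither close the surrounding attribute nor open a new tag.
    """
    escaped = html.escape(title, quote=True)
    return '<input type="text" name="title" value="' + escaped + '">'


class TagCollector(HTMLParser):
    """Record the element names, on* handlers and the <input> value a browser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _ in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
        if tag == "input":
            # convert_charrefs=True (the default) decodes entities for us,
            # so this is the value the user would actually see in the field.
            self.input_value = dict(attrs).get("value")


def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


def injected_elements(markup):
    """Element names other than the intended <input>; empty means no breakout."""
    return {t for t in parse(markup).tags if t != "input"}


def event_handlers(markup):
    """(tag, attribute) pairs for every on* handler attribute in the markup."""
    return parse(markup).handlers


def rendered_value(markup):
    """Decoded value of the <input> as the browser would display it."""
    return parse(markup).input_value


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = render(PAYLOAD)
        print(f"{label}: {out}")
        print(f"  injected elements: {sorted(injected_elements(out))}")
        print(f"  event handlers:    {event_handlers(out)}")
        print(f"  field value:       {rendered_value(out)!r}")
```

The parse step matters more than the escaping itself: it confirms that in the unsafe rendering the payload closes the `value` attribute and the `<input>` tag, leaving the field empty and adding an `<svg onload=...>` element, while in the escaped rendering the browser sees a single `<input>` whose decoded value is the user's literal text. The same check applies to any other place a taxonomy title is reflected; only the escaping function changes with the context (attribute, text node, URL, or script).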