You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Dan Klco (Jira)" <ji...@apache.org> on 2022/11/02 11:57:00 UTC

[jira] [Closed] (SLING-11622) Unexpected input may cause xss risk in Taxonomy

     [ https://issues.apache.org/jira/browse/SLING-11622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Klco closed SLING-11622.
----------------------------

> Unexpected input may cause xss risk in Taxonomy
> -----------------------------------------------
>
>                 Key: SLING-11622
>                 URL: https://issues.apache.org/jira/browse/SLING-11622
>             Project: Sling
>          Issue Type: Bug
>          Components: App CMS
>    Affects Versions: App CMS 1.1.0
>            Reporter: QSec-Team
>            Assignee: Dan Klco
>            Priority: Major
>             Fix For: App CMS 1.1.2
>
>         Attachments: image-2022-10-18-16-09-21-603.png, image-2022-10-18-16-09-45-520.png
>
>
> when we use sling-cms demo ，we find it that input in [+taxonomy item]  may cause the XSS vulnerability。
> some one like eg.
> {code:java}
> //代码占位符
> "><svg onload=alert('xss')></svg> {code}
> !image-2022-10-18-16-09-21-603.png!
>  
> !image-2022-10-18-16-09-45-520.png!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)