You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-dev@lucene.apache.org by "Erik Hatcher (JIRA)" <ji...@apache.org> on 2009/02/21 11:48:01 UTC

[jira] Resolved: (SOLR-1031) XSS vulnerability in schema.jsp (patch included)

     [ https://issues.apache.org/jira/browse/SOLR-1031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Erik Hatcher resolved SOLR-1031.
--------------------------------

    Resolution: Fixed

patch applied, tested, and committed.  thanks, Paul and Peter!

> XSS vulnerability in schema.jsp (patch included)
> ------------------------------------------------
>
>                 Key: SOLR-1031
>                 URL: https://issues.apache.org/jira/browse/SOLR-1031
>             Project: Solr
>          Issue Type: Bug
>          Components: web gui
>    Affects Versions: 1.2, 1.3
>            Reporter: Paul Lovvik
>         Attachments: SchemaXSS.patch, SOLR-1031.patch
>
>
> If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.
> The javascript will appear in the "Top Terms" part of the UI.
> I have created a simple patch to prevent this problem from occurring.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.