You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-dev@lucene.apache.org by "Erik Hatcher (JIRA)" <ji...@apache.org> on 2009/02/21 11:48:01 UTC
[jira] Resolved: (SOLR-1031) XSS vulnerability in schema.jsp (patch
included)
[ https://issues.apache.org/jira/browse/SOLR-1031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erik Hatcher resolved SOLR-1031.
--------------------------------
Resolution: Fixed
patch applied, tested, and committed. thanks, Paul and Peter!
> XSS vulnerability in schema.jsp (patch included)
> ------------------------------------------------
>
> Key: SOLR-1031
> URL: https://issues.apache.org/jira/browse/SOLR-1031
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 1.2, 1.3
> Reporter: Paul Lovvik
> Attachments: SchemaXSS.patch, SOLR-1031.patch
>
>
> If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.
> The javascript will appear in the "Top Terms" part of the UI.
> I have created a simple patch to prevent this problem from occurring.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.