Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2011/08/16 08:08:31 UTC

[jira] [Closed] (SLING-2082) XSS vulnerability: HtmlResponse output does not escape URLs in HTML

     [ https://issues.apache.org/jira/browse/SLING-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler closed SLING-2082.
-----------------------------------


> XSS vulnerability: HtmlResponse output does not escape URLs in HTML
> -------------------------------------------------------------------
>
>                 Key: SLING-2082
>                 URL: https://issues.apache.org/jira/browse/SLING-2082
>             Project: Sling
>          Issue Type: Bug
>          Components: API, Servlets
>    Affects Versions: Servlets Post 2.1.0, API 2.2.0
>            Reporter: Alexander Klimetschek
>            Assignee: Bertrand Delacretaz
>             Fix For: Servlets Post 2.1.2, API 2.2.2
>
>
> A POST request including a <script> in the URL can lead to execution of that script in the browser:
> http://localhost:4502/does/not/exist.html/%22%3e%3cscript%3ealert(29679)%3c/script%3e
> Test with curl:
> curl -X POST "http://localhost:4502/does/not/exist.html/%22%3e%3cscript%3ealert(29679)%3c/script%3e"
> I think this applies to both org/apache/sling/api/servlets/HtmlResponse and org/apache/sling/servlets/post/HtmlResponse, but not sure how to trigger the first one.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira