XSS leak in standard search field
---------------------------------
Key: MGNLSTK-660
URL: http://jira.magnolia-cms.com/browse/MGNLSTK-660
Project: Magnolia Standard Templating Kit
Issue Type: Bug
Affects Versions: 1.3.1
Reporter: Hay Kranen
Assignee: Philipp Bärfuss
Priority: Critical
HTML content is not escaped in the two search fields in the default STK site
(the default one at the top, and the one on the bottom on the results page).
E.g., search for
"><script>alert("xss");</script>
This works on the live Magnolia-cms.com site:
http://www.magnolia-cms.com/home/top-level/searchResult.html?queryStr=%22%3E%3Cscript%3Edocument.write%28%27%3Cobject+width%3D%22480%22+height%3D%22385%22%3E%3Cparam+name%3D%22movie%22+value%3D%22http%3A%2F%2Fwww.youtube.com%2Fv%2FiwGFalTRHDA%26amp%3Bhl%3Den_US%26amp%3Bfs%3D1%22%3E%3C%2Fparam%3E%3Cparam+name%3D%22allowFullScreen%22+value%3D%22true%22%3E%3C%2Fparam%3E%3Cparam+name%3D%22allowscriptaccess%22+value%3D%22always%22%3E%3C%2Fparam%3E%3Cembed+src%3D%22http%3A%2F%2Fwww.youtube.com%2Fv%2FiwGFalTRHDA%26amp%3Bhl%3Den_US%26amp%3Bfs%3D1%22+type%3D%22application%2Fx-shockwave-flash%22+allowscriptaccess%3D%22always%22+allowfullscreen%3D%22true%22+width%3D%22480%22+height%3D%22385%22%3E%3C%2Fembed%3E%3C%2Fobject%3E%27%29%3B%3C%2Fscript%3E
Related to issue MGNLSTK-617
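The missing output encoding described in this report, shown as an added example that is not part of the original message and is not Magnolia's template code. It assumes the query string is reflected into a quoted `value` attribute (the `FIELD` template and all function names are hypothetical) and uses a parser to check the rendered markup for the report's own search string.

```python
import html
from html.parser import HTMLParser

# Hypothetical markup for the search field: an assumed shape for illustration,
# not the STK template itself.
FIELD = '<input type="text" name="queryStr" value="{}"/>'
PAYLOAD = '"><script>alert("xss");</script>'  # search string quoted in the report


def render_unescaped(query):
    """Reflect the query verbatim, which is the behaviour the report describes."""
    return FIELD.format(query)


def render_escaped(query):
    """Encode &, <, > and both quote characters before placing it in the attribute."""
    return FIELD.format(html.escape(query, quote=True))


class _Collector(HTMLParser):
    """Record every start tag and the decoded value attribute of the input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def audit(markup, query):
    """Parse the rendered field and report whether the query stayed inside it."""
    parser = _Collector()
    parser.feed(markup)
    parser.close()
    return {
        "tags": parser.tags,
        "round_trips": parser.value == query,
        "safe": parser.tags == ["input"] and parser.value == query,
    }


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(PAYLOAD), PAYLOAD))
```

The `audit` check works as a regression test for any template that reflects the query: the rendered field must parse to a single `input` element whose decoded value equals the submitted string.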
