XSS vulerability in Magnolia Inbox
----------------------------------
Key: MAGNOLIA-3867
URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3867
Project: Magnolia
Issue Type: Improvement
Security Level: Public
Components: workflow
Affects Versions: 4.4.5
Environment: any
Reporter: Martin Schmid
Assignee: Grégory Joseph
We figured out that a content operator (editor) can put javascript code to the
avtiavtion dialog.
The JS code will be executed on the publisher inbox.
To avoid this, change the line (in class
info.magnolia.module.workflow.inbox.Inbox):
============
list.addColumn(new ListColumn("comment", msgs.get("inbox.comment"),
"200", true));
============
to the following:
============
list.addColumn(new ListColumn() {
{
setName("comment");
setLabel(msgs.get("inbox.comment"));
setWidth("200px");
setSeparator(true);
}
@Override
public Object getValue() {
openwfe.org.engine.workitem.StringAttribute str =
(openwfe.org.engine.workitem.StringAttribute) super.getValue();
return StringEscapeUtils.escapeHtml(str.getValue().toString());
}
});
============
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
