[
http://jira.magnolia-cms.com/browse/MAGNOLIA-3867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Grégory Joseph updated MAGNOLIA-3867:
-------------------------------------
Summary: XSS vulnerability in Magnolia Inbox (was: XSS vulerability in
Magnolia Inbox)
> XSS vulnerability in Magnolia Inbox
> -----------------------------------
>
> Key: MAGNOLIA-3867
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3867
> Project: Magnolia
> Issue Type: Bug
> Security Level: Public
> Components: workflow
> Affects Versions: 4.4.5
> Environment: any
> Reporter: Martin Schmid
> Assignee: Ondřej Chytil
> Priority: Blocker
> Fix For: 4.4.6
>
>
> We figured out that a content operator (editor) can put JavaScript code into
> the activation dialog.
> The JS code will be executed in the publisher's inbox.
> To avoid this, change the line (in class
> info.magnolia.module.workflow.inbox.Inbox):
> ============
> list.addColumn(new ListColumn("comment", msgs.get("inbox.comment"), "200", true));
> ============
> to the following:
> ============
> // StringEscapeUtils is org.apache.commons.lang.StringEscapeUtils (commons-lang 2.x)
> list.addColumn(new ListColumn() {
>     {
>         setName("comment");
>         setLabel(msgs.get("inbox.comment"));
>         setWidth("200px");
>         setSeparator(true);
>     }
>
>     // Escape the work item's comment attribute at render time so that markup
>     // entered in the activation dialog is displayed literally, not executed.
>     @Override
>     public Object getValue() {
>         openwfe.org.engine.workitem.StringAttribute str =
>             (openwfe.org.engine.workitem.StringAttribute) super.getValue();
>         return StringEscapeUtils.escapeHtml(str.getValue().toString());
>     }
> });
> ============
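The fix above hinges on one idea: a value that an editor controls (the activation comment) must be HTML-escaped at the point where the inbox renders it into the page. The following stand-alone Java sketch is an added example, not Magnolia's code and not the ticket's patch: `WorkItem`, `renderCommentUnsafe`, `renderCommentEscaped` and the sample comment are constructed for illustration, and `escapeHtml` is a local five-character escaper standing in for the commons-lang `StringEscapeUtils.escapeHtml` used in the ticket (which additionally emits named entities for non-ASCII characters, but does not escape the single quote). It puts the pre-fix and post-fix rendering side by side and also covers the case the ticket's snippet does not, a missing comment attribute, where `str.getValue().toString()` would throw a `NullPointerException`.

```java
import java.util.HashMap;
import java.util.Map;

public class InboxColumnEscapingDemo {

    /** Constructed stand-in for the workflow work item whose "comment" attribute the inbox shows. */
    static final class WorkItem {
        private final Map<String, String> attributes = new HashMap<>();

        WorkItem set(String name, String value) {
            attributes.put(name, value);
            return this;
        }

        String get(String name) {
            return attributes.get(name);
        }
    }

    /**
     * Escapes the characters that are significant in HTML element content and
     * quoted attribute values. Null is rendered as an empty cell instead of failing.
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break; // not escaped by commons-lang escapeHtml
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Pre-fix behaviour: the editor-supplied attribute is emitted into the page verbatim. */
    static String renderCommentUnsafe(WorkItem item) {
        return item.get("comment");
    }

    /** Post-fix behaviour: the attribute is escaped where it is rendered, as the ticket's patch does. */
    static String renderCommentEscaped(WorkItem item) {
        return escapeHtml(item.get("comment"));
    }

    public static void main(String[] args) {
        // Constructed sample: an activation comment that carries markup.
        WorkItem item = new WorkItem()
            .set("comment", "Please publish <script>alert('inbox')</script> today & \"thanks\"");

        System.out.println("unsafe : <td>" + renderCommentUnsafe(item) + "</td>");
        System.out.println("escaped: <td>" + renderCommentEscaped(item) + "</td>");

        // Work item without a comment attribute: the ticket's snippet would throw a
        // NullPointerException here; this renderer produces an empty cell.
        System.out.println("missing: <td>" + renderCommentEscaped(new WorkItem()) + "</td>");
    }
}
```

The escaped cell reads `&lt;script&gt;alert(&#39;inbox&#39;)&lt;/script&gt;` and is displayed as text by the browser. Note that this escaping is correct for element content and quoted attributes only; if a column value were ever placed into a JavaScript string or a URL, it would need the encoder for that context instead.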
--
This message is automatically generated by JIRA.