[ http://jira.magnolia.info/browse/MAGNOLIA-590?page=all ]
Boris Kraft reassigned MAGNOLIA-590:
------------------------------------
Assign To: Philipp Bracher (was: Boris Kraft)
> Cross Site Scripting Vulnerability (XSS) in Search template
> -----------------------------------------------------------
>
> Key: MAGNOLIA-590
> URL: http://jira.magnolia.info/browse/MAGNOLIA-590
> Project: magnolia wcm
> Type: Bug
> Reporter: Oliver Lietz
> Assignee: Philipp Bracher
> Priority: Critical
>
>
> file: webapp/templates/jsp/samples/search.jsp
> User input/output is not escaped, attacker could inject (script) code into
> page and steal cookie/login information.
> magnolia.info is also affected:
> http://www.magnolia.info/en/search.html?query=<script>alert("XSS");</script>
> This is a *very* simple XSS vulnerability test.