[ http://jira.magnolia.info/browse/MAGNOLIA-590?page=all ]

Fabrizio Giustina reassigned MAGNOLIA-590:
------------------------------------------

    Assign To: Fabrizio Giustina  (was: Philipp Bracher)

> Cross Site Scripting Vulnerability (XSS) in Search template
> -----------------------------------------------------------
>
>          Key: MAGNOLIA-590
>          URL: http://jira.magnolia.info/browse/MAGNOLIA-590
>      Project: magnolia
>         Type: Bug

>     Reporter: Oliver Lietz
>     Assignee: Fabrizio Giustina
>     Priority: Critical
>  Attachments: search.patch
>
>
> file: webapp/templates/jsp/samples/search.jsp
> User input/output is not escaped; an attacker could inject (script) code into
> the page and steal cookie/login information.
> magnolia.info is also affected:
> http://www.magnolia.info/en/search.html?query=<script>alert("XSS");</script>
> This is a *very* simple XSS vulnerability test.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

