XSS Vulnerability in jpfScopeID
-------------------------------

                 Key: BEEHIVE-1197
                 URL: https://issues.apache.org/jira/browse/BEEHIVE-1197
             Project: Beehive
          Issue Type: Bug
          Components: NetUI
    Affects Versions: 1.0.2, 1.0.1, 1.0, v1m1, V1Beta, V1Alpha, V.Next
         Environment: Any
            Reporter: Scott L'Hommedieu


When processing a request to a URL such as
http://xxx/xx.jfp?jpfScopeID=";<script> , the resulting links in the response will
include the scope ID as is, such as ?jpfScopeID="<>?.

Since jpfScopeID appending is not controlled by end user code, this behavior 
can possibly cause an XSS vulnerability. 

For example, given a URL like
 .....submit.do?jpfScopeID=%22%3E%3Cscript%3Ealert('gotcha')%3C/script%3E

The browser will evaluate and run the script.

This affects several tags and scoping bits.

The fix is to HTML-encode the jpfScopeID in ScopedServletUtils and call that from 
tags and such.

I can attach a patch shortly.





-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
