[
https://issues.apache.org/jira/browse/BEEHIVE-1197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carlin Rogers reassigned BEEHIVE-1197:
--------------------------------------
Assignee: Julie Zhuo (was: Carlin Rogers)
> XSS Vulnerability in jpfScopeID
> -------------------------------
>
> Key: BEEHIVE-1197
> URL: https://issues.apache.org/jira/browse/BEEHIVE-1197
> Project: Beehive
> Issue Type: Bug
> Components: NetUI
> Affects Versions: V1Alpha, V1Beta, v1m1, 1.0, 1.0.1, 1.0.2, V.Next
> Environment: Any
> Reporter: Scott L'Hommedieu
> Assignee: Julie Zhuo
> Priority: Critical
> Fix For: V.Next
>
> Attachments: patch.txt
>
>
> When processing a request to a URL such as
> http://xxx/xx.jfp?jpfScopeID="<script> , the resulting links in the response will
> include the scope ID as is, such as ?jpfScopeID="<>?.
> Since jpfScopeID appending is not controlled by end-user code, this behavior
> possibly causes an XSS vulnerability.
> For example, if given a URL like
> .....submit.do?jpfScopeID=%22%3E%3Cscript%3Ealert('gotcha')%3C/script%3E
> the browser will evaluate and run the script.
> This affects several tags and scoping bits.
> The fix is to HTML-encode the jpfScopeID in ScopedServletUtils and call that from
> tags and such.
> I can attach a patch shortly.