[jira] [Updated] (FELIX-6128) Issue in the bundle Web Console

Karl Pauls (JIRA) Wed, 15 May 2019 13:21:47 -0700


     [ 
https://issues.apache.org/jira/browse/FELIX-6128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Karl Pauls updated FELIX-6128:
------------------------------
    Fix Version/s: webconsole-4.3.10

> Issue in the bundle Web Console
> -------------------------------
>
>                 Key: FELIX-6128
>                 URL: https://issues.apache.org/jira/browse/FELIX-6128
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>            Reporter: Antonio Sanso
>            Assignee: Karl Pauls
>            Priority: Major
>             Fix For: webconsole-4.3.10
>
>         Attachments: escape_bundle_name_and_manifest_headers.patch, 
> escape_bundle_name_and_other_manifest_headers.patch, image002.png, 
> image003.png
>
>
> RunningSnail  reported an XSS issue in the bundle Web Console.
> After logining,I visit the page whose url is 
> http://127.0.0.1:8080/system/console/bundles.
> Then I click "Install/Update" and before uploading a jar file,I change the 
> content of the "MANIFEST.MF" in the jar file.
> So when an admin visit the page,he will be affected by the stored xss. 
> See attached images



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (FELIX-6128) Issue in the bundle Web Console

Reply via email to