[ https://issues.apache.org/jira/browse/ISIS-3077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17557887#comment-17557887 ]
ASF subversion and git services commented on ISIS-3077:
-------------------------------------------------------
Commit fa83d7a56ad5b3e0d6c3467e960c914b1988c981 in isis's branch
refs/heads/master from Andi Huber
[ https://gitbox.apache.org/repos/asf?p=isis.git;h=fa83d7a56a ]
ISIS-3077: minor: renaming var
> [Vulnerability] Scalar Value Output Rendering is not escaped. (XSS
> Vulnerability)
> ---------------------------------------------------------------------------------
>
> Key: ISIS-3077
> URL: https://issues.apache.org/jira/browse/ISIS-3077
> Project: Isis
> Issue Type: Bug
> Components: Isis Viewer Wicket
> Reporter: Jörg Rade
> Assignee: Andi Huber
> Priority: Critical
> Labels: vulnerability
> Fix For: 2.0.0-M8
>
>
> Problem is with Wicket Viewer's scalar value output rendering: string value
> gets interpreted/executed by the browser. Vulnerability was probably
> introduced post M7.
> See
> https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV