Cross site scripting issues in webapp
-------------------------------------
Key: JCR-1925
URL: https://issues.apache.org/jira/browse/JCR-1925
Project: Jackrabbit
Issue Type: Bug
Components: jackrabbit-webapp
Affects Versions: 1.5.0
Reporter: Jukka Zitting

Some of the jackrabbit-webapp forms don't properly escape user input when
displaying it in the resulting HTML page. This leads to potential cross site
scripting issues. For example:

    search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
    swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1