[jira] Resolved: (JCR-1925) Cross site scripting issues in webapp

Jukka Zitting (JIRA) Thu, 08 Jan 2009 07:23:21 -0800

     [ 
https://issues.apache.org/jira/browse/JCR-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jukka Zitting resolved JCR-1925.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 1.5.1
         Assignee: Jukka Zitting

Fixed in revision 732715. Scheduling for 1.5.1.

> Cross site scripting issues in webapp
> -------------------------------------
>
>                 Key: JCR-1925
>                 URL: https://issues.apache.org/jira/browse/JCR-1925
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-webapp
>    Affects Versions: 1.5.0
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>             Fix For: 1.5.1
>
>
> Some of the jackrabbit-webapp forms don't properly escape user input when 
> displaying it in the resulting HTML page. This leads to potential cross site 
> scripting issues. For example:
>     search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
>     swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (JCR-1925) Cross site scripting issues in webapp

Reply via email to