[
https://issues.apache.org/jira/browse/JCR-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jukka Zitting updated JCR-1925:
-------------------------------
Affects Version/s: 1.4
> CVE-2009-0026: Cross site scripting issues in webapp
> ----------------------------------------------------
>
> Key: JCR-1925
> URL: https://issues.apache.org/jira/browse/JCR-1925
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-webapp
> Affects Versions: 1.4, 1.5.0
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Fix For: 1.5.1
>
>
> Some of the jackrabbit-webapp forms don't properly escape user input when
> displaying it in the resulting HTML page. This leads to potential cross site
> scripting issues. For example:
> search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
> swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1
> The CVE id for this issue is CVE-2009-0026. This issue was reported by the
> Red Hat Security Response Team.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
