[
https://issues.apache.org/jira/browse/JCR-3950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julian Reschke updated JCR-3950:
--------------------------------
Description: The XSS vulnerability patched in JCR-3630 applies to the
parent name (and the repository metadata) as well, thus more needs to be
escaped. (was: lars krapf reported an XSS in the DirListingExportHandler and
provided the attached patch.)
> CLONE - XSS in DirListingExportHandler
> --------------------------------------
>
> Key: JCR-3950
> URL: https://issues.apache.org/jira/browse/JCR-3950
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-jcr-server
> Reporter: Julian Reschke
> Assignee: Julian Reschke
>
> The XSS vulnerability patched in JCR-3630 applies to the parent name (and the
> repository metadata) as well, thus more needs to be escaped.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
