Massimiliano Ricci created JENA-1123:
----------------------------------------
Summary: Cross Site Scripting (XSS) vulnerability on Fuseki 2.3.1
Key: JENA-1123
URL: https://issues.apache.org/jira/browse/JENA-1123
Project: Apache Jena
Issue Type: Bug
Components: Fuseki
Affects Versions: Fuseki 2.3.1
Reporter: Massimiliano Ricci
In the Fuseki web interface, on the dataset.html page -> tab "query",
it's possible to write a query like:
SELECT "<script>alert(document.domain)</script>" WHERE { ?subject ?predicate ?object } LIMIT 25
that shows a pop-up with the hostname.
Probably the problem is with the YASQE dependency.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
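
An added example, not part of the original report and not Fuseki or YASQE code: a hypothetical results renderer showing why a string literal like the one in the report runs as script when written into the page unencoded, beside the output-encoded form. The function names and the sample SPARQL JSON results are constructed for illustration; the report does not identify the code path at fault.

```javascript
// Added example: hypothetical renderer, not Fuseki or YASQE code.

// Constructed SPARQL 1.1 JSON results carrying the literal from the report.
const sampleResults = {
  head: { vars: ["label"] },
  results: {
    bindings: [
      { label: { type: "literal", value: "<script>alert(document.domain)</script>" } },
      { label: { type: "literal", value: "Tom & Jerry's \"show\"" } },
    ],
  },
};

// Encode the five characters that are significant in HTML text and attributes.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  // Single pass, so an "&" produced by one replacement is never re-encoded.
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Build the results table; `encode` is applied to every variable name and value.
function renderTable(json, encode) {
  const vars = json.head.vars;
  const header = vars.map((v) => `<th>${encode(v)}</th>`).join("");
  const rows = json.results.bindings.map((binding) => {
    // A variable may be unbound in a given row; render it as an empty cell.
    const cells = vars.map((v) => `<td>${encode(binding[v] ? binding[v].value : "")}</td>`);
    return `<tr>${cells.join("")}</tr>`;
  });
  return `<table><tr>${header}</tr>${rows.join("")}</table>`;
}

// Weak form: values are concatenated into markup as-is, so a literal that
// contains tags becomes live markup once the string is assigned to innerHTML.
function renderUnsafe(json) {
  return renderTable(json, (s) => String(s));
}

// Hardened form: every value is output-encoded before it reaches the markup.
function renderSafe(json) {
  return renderTable(json, escapeHtml);
}

console.log("unsafe:", renderUnsafe(sampleResults));
console.log("safe:  ", renderSafe(sampleResults));
```

In a browser, assigning the value through `textContent` instead of building an HTML string gives the same protection without a hand-written encoder.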