[ https://issues.apache.org/jira/browse/JSPWIKI-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17429579#comment-17429579 ]
ASF subversion and git services commented on JSPWIKI-1140: ---------------------------------------------------------- Commit d231ea0a085b9c5da10a053d0fb30f745f4adaef in jspwiki's branch refs/heads/master from Juan Pablo Santos Rodríguez [ https://gitbox.apache.org/repos/asf?p=jspwiki.git;h=d231ea0 ] JSPWIKI-1140: Autogenerate changenote on page comments > Autogenerate changenote on page comments > ---------------------------------------- > > Key: JSPWIKI-1140 > URL: https://issues.apache.org/jira/browse/JSPWIKI-1140 > Project: JSPWiki > Issue Type: Task > Components: Core & storage > Affects Versions: 2.11.0-M8 > Environment: Windows new version > Firefox version 84.0.1 > Reporter: Nguyen Dang Khai > Priority: Minor > Fix For: 2.11.0 > > Attachments: wiki.mp4 > > > In the comment function, users can impersonate other users to leave comments. > Vulnerable code is *line 86* in *Comment.jsp* : > {code:java} > // String author = TextUtil.replaceEntities( request.getParameter("author") > ); > {code} > Replace any *user* in parameter *author* to impersonate. > * Request : > {code:java} > POST /wikijsp_m8_war/Comment.jsp?page=Main HTTP/1.1 > Host: localhost:8080 > page=Main&action=save&encodingcheck=%E3%81%81&xnfull=1608888733842&submit_auth=&ok=&changenote=&author=dangkhai&link=&_editedtext=n%C3%A2nna%0D%0A{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)