[ https://issues.apache.org/jira/browse/SOLR-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15035099#comment-15035099 ]
Erik Hatcher commented on SOLR-8308:
------------------------------------

With the latest patch, all tests pass and the described steps above to rename the core result in a core rename exception.

> XSS vulnerability
> -----------------
>
>                 Key: SOLR-8308
>                 URL: https://issues.apache.org/jira/browse/SOLR-8308
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Adam Johnson
>         Attachments: SOLR-8308.patch, SOLR-8308.patch
>
>
> You can rename a core using the following modified URL
> https://SOLR:PORT/solr/admin/cores?wt=json&indexInfo=false&action=RENAME&core=test_app_shared2_replica2&other=%3Csvg+onload%3Dalert(1)%3E&_=1445468005152.
> The core becomes inaccessible / unusable. There should be more form
> validation to the core name assignment
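
The validation the report asks for, sketched as an added example (not code from the attached patch or from Solr): the new core name is checked against an allowlist before the rename proceeds, and is HTML-escaped wherever it is echoed back. The allowlist pattern, the function names and the host `solr.example:8983` are assumptions; the query string is the one from the report.

```javascript
// Added example. The allowlist below is an assumption for illustration,
// not the rule implemented by the SOLR-8308 patch.
const CORE_NAME_PATTERN = /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/;

function isValidCoreName(name) {
  return typeof name === "string" && name.length <= 255 &&
    CORE_NAME_PATTERN.test(name);
}

// Escape a value before placing it in HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Inspect a CoreAdmin-style request and refuse a RENAME whose target
// name fails the allowlist, before any core state is touched.
function checkRenameRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams; // percent- and '+'-decoded
  if (params.get("action") !== "RENAME") {
    return { ok: true, reason: "not a rename" };
  }
  const newName = params.get("other");
  if (!isValidCoreName(newName)) {
    // The rejected value is escaped so the error message itself is safe to render.
    return { ok: false, reason: "invalid core name: " + escapeHtml(newName) };
  }
  return { ok: true, newName };
}

// Constructed inputs: host and port are placeholders; the first query
// string is the one quoted in the issue description.
const REPORTED = "https://solr.example:8983/solr/admin/cores?wt=json&indexInfo=false" +
  "&action=RENAME&core=test_app_shared2_replica2" +
  "&other=%3Csvg+onload%3Dalert(1)%3E&_=1445468005152";
const BENIGN = "https://solr.example:8983/solr/admin/cores?wt=json" +
  "&action=RENAME&core=test_app_shared2_replica2&other=test_app_shared3";

console.log(checkRenameRequest(REPORTED));
console.log(checkRenameRequest(BENIGN));
```

Rejecting the name at rename time prevents the unusable core; escaping on output covers names that were stored before the check existed.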