[ https://issues.apache.org/jira/browse/TRINIDAD-1798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthias Weßendorf resolved TRINIDAD-1798.
------------------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0.4-core, 1.2.15-core
Assignee: Matthias Weßendorf
> XSS attack while launching Pop up
> ---------------------------------
>
> Key: TRINIDAD-1798
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1798
> Project: MyFaces Trinidad
> Issue Type: Bug
> Affects Versions: 1.2.9-core
> Reporter: Virginie reverse
> Assignee: Matthias Weßendorf
> Priority: Critical
> Fix For: 1.2.15-core, 2.0.0.4-core
>
>
> Hello,
> I am using Trinidad 1.2.9, JSF 1.2 and Tomcat 5.5.26.
> I am launching a pop-up with this command:
> <tr:commandLink id="idAddCurrencyDialog"
> text="#{msg.updateAttributes_add_currency}"
> action="dialog:addModifyAttribute" useWindow="true" partialSubmit="true"
> launchListener="#{updateAttributesController.launchAddCurrencyDialog}"
> returnListener="#{updateAttributesController.returnFromDialogAttribute}"
> windowHeight="500" windowWidth="500"/>
> Here is the command generated:
> https://xxx/yyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx&loc=en&_minWidth=500&_minHeight=500&_rtrnId=1
> The problem is that it allows cross-site scripting attacks: you can insert
> JavaScript in:
> _minWidth, _minHeight or _rtrnId
> For example:
> https://xxx/yyyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx&loc=en&_minWidth=500&_minHeight=500});alert(document.cookie);//&_rtrnId=1
> I tried to upgrade to 1.2.13, but the problem was still there.
> Do you know a workaround, or is it possible to fix this security breach?
> Thanks
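For deployments that cannot yet move to a fixed version, one stop-gap of the kind the reporter asks about is to reject non-numeric values for the three parameters before the request reaches the dialog launcher. The class below is an added example, not Trinidad code and not the fix shipped in 1.2.15-core / 2.0.0.4-core; it assumes the three values are short non-negative decimal integers (as in the generated URL), and `DialogParamCheck`, `firstInvalid` and `parse` are hypothetical names.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added example (not Trinidad code): allow-list check for the dialog-launch
// parameters named in the report.
public class DialogParamCheck {
    // Parameter names taken from the report.
    static final List<String> NUMERIC_PARAMS =
        Arrays.asList("_minWidth", "_minHeight", "_rtrnId");
    // Assumption: values are short non-negative decimal integers (500, 500, 1 in the report).
    static final Pattern DIGITS = Pattern.compile("[0-9]{1,9}");

    /** Returns the name of the first offending parameter, or null if all pass. */
    static String firstInvalid(Map<String, String[]> params) {
        for (String name : NUMERIC_PARAMS) {
            String[] values = params.get(name);
            if (values == null) continue;          // an absent parameter is fine
            for (String v : values) {              // repeated parameters are checked too
                if (v == null || !DIGITS.matcher(v).matches()) return name;
            }
        }
        return null;
    }

    // Minimal query-string splitter for the demo only (no URL decoding); in a
    // container, pass request.getParameterMap(), which is already decoded.
    static Map<String, String[]> parse(String query) {
        Map<String, List<String>> tmp = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String k = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            tmp.computeIfAbsent(k, x -> new ArrayList<>()).add(v);
        }
        Map<String, String[]> out = new LinkedHashMap<>();
        tmp.forEach((k, v) -> out.put(k, v.toArray(new String[0])));
        return out;
    }

    public static void main(String[] args) {
        // Query strings shortened from the two URLs in the report (_vir omitted).
        String ok  = "_afPfm=-543e4359&_t=fred&loc=en&_minWidth=500&_minHeight=500&_rtrnId=1";
        String bad = "_afPfm=-543e4359&_t=fred&loc=en&_minWidth=500"
                   + "&_minHeight=500});alert(document.cookie);//&_rtrnId=1";
        System.out.println("generated URL -> " + firstInvalid(parse(ok)));
        System.out.println("reported URL  -> " + firstInvalid(parse(bad)));
    }
}
```

In a servlet `Filter` mapped in front of the faces servlet, call `firstInvalid(request.getParameterMap())` and answer with `sendError(400)` when it returns a name.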