[
https://issues.apache.org/jira/browse/OFBIZ-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12733943#action_12733943
]
Scott Gray commented on OFBIZ-2747:
-----------------------------------
ProductStoreWorker.getRandomSurveyWrapper(...) passes the parameter map through
as "passThru" parameters to the ProductStoreSurveyWrapper which are then
rendered in genericsurvey.ftl
I'm not sure of the reason for doing so, but we could just stop doing that and
then wait for a bug report for whatever functionality was lost and deal with
that less critical problem in a security conscious manner.
> Security : The remote web server is prone to cross-site scripting attacks.
> ---------------------------------------------------------------------------
>
> Key: OFBIZ-2747
> URL: https://issues.apache.org/jira/browse/OFBIZ-2747
> Project: OFBiz
> Issue Type: Bug
> Components: specialpurpose/ecommerce
> Affects Versions: SVN trunk
> Reporter: Alexandre Mazari
> Priority: Critical
>
> The pollbox seems to be subjet to request argument injection, without any
> strip of html tags (ex : <script>).
> Nessus scan log :
> Web Server Generic XSS
> Synopsis :
> The remote web server is prone to cross-site scripting attacks.
> Description :
> The remote host is running a web server that fails to adequately
> sanitize request strings of malicious JavaScript. By leveraging this
> issue, an attacker may be able to cause arbitrary HTML and script code
> to be executed in a user's browser within the security context of the
> affected site.
> See also :
> http://en.wikipedia.org/wiki/Cross-site_scripting
> Solution :
> Contact the vendor for a patch or upgrade.
> Risk factor :
> Medium / CVSS Base Score : 4.3
> (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
> Plugin output :
> The request string used to detect this flaw was :
> /?<script>cross_site_scripting.nasl</script>
> The output was :
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> X-Powered-By: JSP/2.1
> Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
> Content-Type: text/html;charset=UTF-8
> Transfer-Encoding: chunked
> Date: Tue, 21 Jul 2009 21:31:19 GMT
> [...]
> <h3>Mouse Hand Poll</h3>
> <div class="screenlet-body">
> <form method="post" action="/control/minipoll/main" style="margin: 0;">
> <input type="hidden" name="<script>cross_site_scripting.nasl</script>"
> value=""/>
> <input type="hidden" name="surveyId" value="1004"/>
> <table width="100%" border="0" cellpadding="2" cellspacing="0">
> [...]
> CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
> BID : 5305, 7344, 7353, 8037, 14473, 17408
> Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314
> Nessus ID : 10815
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
