QSec-Team created SLING-11622:
---------------------------------
Summary: Unexpected input may cause xss risk in Taxonomy
Key: SLING-11622
URL: https://issues.apache.org/jira/browse/SLING-11622
Project: Sling
Issue Type: Bug
Components: App CMS
Affects Versions: App CMS 1.1.0
Reporter: QSec-Team
Attachments: image-2022-10-18-16-09-21-603.png,
image-2022-10-18-16-09-45-520.png
When we use the sling-cms demo, we find that the input in [+taxonomy item] may
cause an XSS vulnerability.
Something like, for example:
{code:java}
// code placeholder
"><svg onload=alert('xss')></svg>
{code}
!image-2022-10-18-16-09-21-603.png!
!image-2022-10-18-16-09-45-520.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
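Added example, not code from the report or from Sling CMS: it shows why the posted payload works if a taxonomy item name is concatenated into an HTML attribute value without encoding, and what the same rendering looks like once the name is HTML-attribute encoded. The report does not say which template or servlet renders the name, so the `<input value="...">` sink, the class name and the `encodeForHtmlAttr` helper below are assumptions for illustration; in Sling the equivalent service is `org.apache.sling.xss.XSSAPI` (`encodeForHTML` / `encodeForHTMLAttr`), and HTL templates encode by default unless a field is rendered with `context='unsafe'`.

```java
// Added example (not Sling CMS code). Demonstrates the attribute breakout caused by
// the payload in SLING-11622 and the effect of HTML-attribute encoding on it.
public class TaxonomyXssExample {

    // Payload exactly as posted in the report.
    static final String PAYLOAD = "\"><svg onload=alert('xss')></svg>";

    // Assumed vulnerable sink: the item name is dropped straight into an attribute.
    static String renderUnsafe(String name) {
        return "<input type=\"text\" name=\"title\" value=\"" + name + "\">";
    }

    // Hypothetical minimal HTML/attribute encoder. In a Sling bundle, use
    // XSSAPI.encodeForHTMLAttr instead of rolling your own.
    static String encodeForHtmlAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Same sink with the name encoded for the attribute context it lands in.
    static String renderSafe(String name) {
        return "<input type=\"text\" name=\"title\" value=\"" + encodeForHtmlAttr(name) + "\">";
    }

    // Crude check used only for this demo: did the rendered markup gain an element
    // or event handler that the template itself never emitted?
    static boolean containsInjectedMarkup(String html) {
        return html.contains("<svg") || html.contains("onload=");
    }

    public static void main(String[] args) {
        String unsafe = renderUnsafe(PAYLOAD);
        String safe = renderSafe(PAYLOAD);

        // The unencoded rendering closes the value attribute and the input tag,
        // then starts a new <svg> element whose onload handler runs on page load.
        System.out.println(unsafe);
        System.out.println("injected markup present: " + containsInjectedMarkup(unsafe));

        // The encoded rendering keeps the whole payload inside the attribute value
        // as literal text; no new element or handler is created.
        System.out.println(safe);
        System.out.println("injected markup present: " + containsInjectedMarkup(safe));
    }
}
```

When triaging this in Sling CMS, check the template that renders the taxonomy item name: if it is HTL, look for `context='unsafe'` or `@ context='html'` on that expression; if it is a servlet or script building strings, the fix is to route the value through `XSSAPI.encodeForHTMLAttr` (or `encodeForHTML` for element content) at the output point rather than trying to filter the input.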