[
https://issues.apache.org/jira/browse/SLING-2974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-2974.
-------------------------------------
Resolution: Fixed
I've added XML escaping with revision 1504776 - although it should not be
required to check the context path, I added the escaping to all variables.
> XSS vulnerability in AbstractAuthenticationFormServlet
> ------------------------------------------------------
>
> Key: SLING-2974
> URL: https://issues.apache.org/jira/browse/SLING-2974
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.1.2
> Reporter: Julian Sedding
> Assignee: Carsten Ziegeler
> Fix For: Auth Core 1.1.4
>
>
> The AbstractAuthenticationFormServlet replaces placeholders in an HTML page
> with user-provided input without taking care of proper escaping of the input.
> Hence it is possible to construct an XSS-attack exploiting this servlet.
> This is made worse by the fact that this servlet doesn't provide an obvious
> way to disable it. Setting the sling.servlet.path="-" using content based
> configuration did the trick in my case, however.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
