[ https://issues.apache.org/jira/browse/SOLR-4861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erick Erickson closed SOLR-4861.
--------------------------------
Resolution: Not A Problem

> Simple reflected cross site scripting vulnerability
> ---------------------------------------------------
>
> Key: SOLR-4861
> URL: https://issues.apache.org/jira/browse/SOLR-4861
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 4.2, 4.3
> Environment: Requires web ui / Jetty Solr to be exploited.
> Reporter: John Menerick
> Labels: security
>
> There exists a simple XSS via the 404 Jetty / Solr code. Within
> JettySolrRunner.java, line 465, if someone asks for a non-existent page / url
> which contains malicious code, the "Can not find" can be escaped and
> malicious code will be executed on the victim's browser.