But how could Bad Guy inject that on the Available SOAP services page? AFAIK cross-site scripting is only a problem when you allow user entry of fields that are reproduced as-is on HTML pages.

Glen

On 2/24/2011 11:44 AM, sami wrote:
On the "Available SOAP services page", I have an XSS injection problem.
Ex:
  http://localhost:8080/webapp/services/<script>alert('XSS')</script>

This could be used against a site using CXF for phishing.

What do you recommend to prevent that problem?

Thanks,
Emeric

