Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.4
Affects Version/s: 2.3, 2.2.6, 2.4 RC1
Component/s: Web - Templates & Resources
Labels:
None

keywords:
security, xss, patch
Tests:

Integration
Difficulty:
Trivial
Similar issues:

Description

Injection over "xredirect", example:

http://localhost:8080/xwiki/bin/view/Main/?viewer=attachments&xredirect=%22;alert%285%29;%2F%2F%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWIKI-5191-test-updated.patch
1 kB
18/Jun/10 15:12
XWIKI-5191-fix.patch
4 kB
17/May/10 20:46

Activity

People

Assignee:: Sergiu Dumitriu

Reporter:: Alex Busenius

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/May/10 21:40

Updated:: 02/Dec/22 10:47

Resolved:: 10/Jul/10 11:42

Date of First Response:: 10/Jul/10 11:42 AM