Uploaded image for project: '{RETIRED} XWiki Enterprise'
  1. {RETIRED} XWiki Enterprise
  2. XE-24

Vulnerability in the search page

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 1.0 B4
    • 0.9.543, 0.9.793, 0.9.840, 0.9.1252, 1.0 B1, 1.0 B2, 1.0 B3
    • {Unused} Search Application
    • None

    Description

      Javascript code can be inserted in the search field, allowing cross site scripting attacks.

      Radeox code can be inserted and interpreted in the search field.

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-570 Search Interface & User Experience Improvements

          • Major - Major loss of function.
          • Closed

          Activity

            People

              sdumitriu Sergiu Dumitriu
              sdumitriu Sergiu Dumitriu
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: