Uploaded image for project: 'XWiki Rendering'
  1. XWiki Rendering
  2. XRENDERING-663

XSS Javascript injection via XWiki 2.x syntax

    XMLWordPrintable

Details

    • Unit
    • High
    • Hard
    • N/A
    • N/A
    • Pull Request accepted

    Description

      To reproduce, just type the following in any document :

      [[Click!>>path:javascript:alert('XSS')]].
      

      Attachments

        1. XWiki-9151
          5 kB
          Thomas Delafosse

        Issue Links

          Activity

            People

              MichaelHamann Michael Hamann
              thomas_delafosse Thomas Delafosse
              Chenming Xu, Diana
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: