Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.3.1, 2.4 M1
Affects Version/s: 2.3, 2.2.6, 2.4 M1
Component/s: {Unused} Core
Labels:
None

keywords:
security, xss, patch
Tests:

Integration
Difficulty:
Trivial
Similar issues:

Description

The detailed information shown on errors contains an unescaped stack trace, which can be used to inject JavaScript. Example using an invalid revision:

http://localhost:8080/xwiki/bin/viewrev/Main/WebHome?rev=%3Cscript%3Ealert%28%22buh%22%29%3C%2Fscript%3E

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWIKI-5170-fix.patch
0.5 kB
07/May/10 12:53
XWIKI-5170-test.patch
2 kB
07/May/10 12:53

Activity

People

Assignee:: Sergiu Dumitriu

Reporter:: Alex Busenius

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/May/10 12:49

Updated:: 02/Dec/22 10:45

Resolved:: 16/May/10 23:23

Date of First Response:: 16/May/10 11:23 PM