Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.4 RC1
Affects Version/s: 2.3, 2.2.6, 2.4 M2
Component/s: Web - Templates & Resources
Labels:
None

keywords:
security, xss, patch
Tests:

Integration
Difficulty:
Trivial
Similar issues:

Description

Multiple issues with different parameters, example:

http://localhost:8080/xwiki/bin/admin/XWiki/AdminSheet?xpage=admin&editor=%22;alert%285%29;%2F%2F%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/?xpage=admin&section=";alert(5);%2F%2F><script>alert(2)<%2Fscript>
http://localhost:8080/xwiki/bin/admin/XWiki/AdminSheet?section=%22;alert%285%29;%2F%2F%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWIKI-5190-fix-v2.patch
2 kB
17/May/10 00:35
XWIKI-5190-test-v2-updated.patch
2 kB
18/Jun/10 15:05

Activity

People

Assignee:: Sergiu Dumitriu

Reporter:: Alex Busenius

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/May/10 21:36

Updated:: 02/Dec/22 10:46

Resolved:: 04/Jul/10 18:31

Date of First Response:: 04/Jul/10 5:57 PM