Details
-
Bug
-
Resolution: Fixed
-
Major
-
2.3, 2.2.6, 2.4 RC1
-
None
-
security, xss, patch
-
Integration
-
Trivial
-
Description
Injection over "xredirect", example:
http://localhost:8080/xwiki/bin/view/Main/?viewer=attachments&xredirect=%22;alert%285%29;%2F%2F%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E