Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.4
Affects Version/s: 2.3, 2.2.6, 2.4
Component/s: Web - Templates & Resources
Labels:
None

keywords:
security, xss, sql injection, patch
Tests:

Integration
Difficulty:
Trivial
Similar issues:

Description

HQL injection over "text" parameter:

http://localhost:8080/xwiki/bin/view/Main/WebHome?xpage=browsewysiwyg&text=%27buh

XSS over space:

http://localhost:8080/xwiki/bin/view/"><script>alert(1)<%2Fscript><div+id%3D"/WebHome?xpage=browsewysiwyg

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWIKI-5193-fix.patch
3 kB
18/May/10 15:11
XWIKI-5193-test-updated.patch
3 kB
18/Jun/10 15:20

Activity

People

Assignee:: Sergiu Dumitriu

Reporter:: Alex Busenius

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/May/10 22:10

Updated:: 02/Dec/22 10:47

Resolved:: 10/Jul/10 20:14

Date of First Response:: 10/Jul/10 12:40 PM