Details
-
Bug
-
Resolution: Fixed
-
Major
-
2.3, 2.2.6, 2.4 RC1
-
None
-
security, xss, patch
-
Integration
-
Trivial
-
Description
Injection over page name, example:
http://localhost:8080/xwiki/bin/view/Main/%3Cscript%3Ealert%28123%29%3C%2Fscript%3E?xpage=contentview
Attachments
Issue Links
- is duplicated by
-
XWIKI-4757 Persistant XSS vulnerabulity through document titles.
- Closed