Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-5205

Reflected XSS in contentview.vm

    XMLWordPrintable

Details

    • security, xss, patch
    • Integration
    • Trivial

    Description

      Injection over page name, example:

      http://localhost:8080/xwiki/bin/view/Main/%3Cscript%3Ealert%28123%29%3C%2Fscript%3E?xpage=contentview

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-4757 Persistant XSS vulnerabulity through document titles.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              calebjamesdelisle CalebJamesDeLisle
              nickless Alex Busenius
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: