Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-5397

XSS in commentsinline.vm

    XMLWordPrintable

Details

    • security, xss, patch
    • Integration
    • Trivial

    Description

      Failed escaping test.

      * Parameter: "replyto"
  Tested file: templates/commentsinline.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=commentsinline.vm&replyto=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line   11  column  80  FATAL: Unescaped apostrophe character

      Attachments

        Activity

          People

            nickless Alex Busenius
            nickless Alex Busenius
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: