Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 3.0 Beta 1
Affects Version/s: None
Component/s: None
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less

file: webapp/templates/jsp/samples/search.jsp

User input/output is not escaped, attacker could inject (script) code into page and steal cookie/login information.

magnolia.info is also affected:
http://www.magnolia.info/en/search.html?query=<script>alert("XSS");</script>

This is a very simple XSS vulnerability test.

Acceptance criteria

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

search.patch
1 kB
18/Dec/05 12:23 PM

is related to

MGNLSD-175 Cross Site Scripting Vulnerability (XSS) in Search

Closed

MAGNOLIA-2111 Cross Site Scripting Vulnerability (XSS): provide a filter which checks all provided parameters

Closed

Assignee:: Fabrizio Giustina

Reporter:: Oliver Lietz

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 01/Nov/05 10:28 AM

Updated:: 30/Nov/12 12:15 AM

Resolved:: 08/Mar/06 8:57 PM

Date of First Response:: 08/Mar/06 8:57 PM

Bug DoR

Task DoD