  1. Magnolia
  2. MAGNOLIA-590

Cross Site Scripting Vulnerability (XSS) in Search template


Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.0 Beta 1
    • None
    • None
    • None

    Description

      file: webapp/templates/jsp/samples/search.jsp

      User input/output is not escaped; an attacker could inject (script) code into the page and steal cookie/login information.

      magnolia.info is also affected:
      http://www.magnolia.info/en/search.html?query=<script>alert("XSS");</script>

      This is a very simple XSS vulnerability test.

              People

                fgiust Fabrizio Giustina
                olli Oliver Lietz