Bug
Resolution: Fixed
Critical
file: webapp/templates/jsp/samples/search.jsp
User input/output is not escaped; an attacker could inject (script) code into the page and steal cookie/login information.
magnolia.info is also affected:
http://www.magnolia.info/en/search.html?query=<script>alert("XSS");</script>
This is a very simple XSS vulnerability test.
is related to
- MGNLSD-175 Cross Site Scripting Vulnerability (XSS) in Search - Closed
- MAGNOLIA-2111 Cross Site Scripting Vulnerability (XSS): provide a filter which checks all provided parameters - Closed
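
The report above describes the search page writing the `query` parameter back without escaping. The following is an added example, not Magnolia's code and not the fix that was applied: it shows output escaping for the two places a search page commonly echoes the query (element text and a quoted attribute value), which goes slightly beyond the single case in the report. The class name, method names, and the markup in `renderSearchHeader` are hypothetical.

```java
// Added example: hypothetical helper, not taken from search.jsp or Magnolia.
public final class SearchOutputEscaper {

    private SearchOutputEscaper() {}

    /** Escapes a value for HTML element content or a double/single-quoted attribute. */
    public static String escapeHtml(String input) {
        if (input == null) {
            return ""; // request without a query parameter
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // first, so entities are not re-interpreted
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break; // needed inside value="..."
                case '\'': out.append("&#39;");  break; // needed inside value='...'
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Renders the search box and result heading with the query escaped (assumed markup). */
    public static String renderSearchHeader(String query) {
        String safe = escapeHtml(query);
        return "<input type=\"text\" name=\"query\" value=\"" + safe + "\"/>\n"
             + "<p>Results for: " + safe + "</p>";
    }

    public static void main(String[] args) {
        // Sample input: the test string quoted in the report.
        String query = "<script>alert(\"XSS\");</script>";
        String html = renderSearchHeader(query);
        System.out.println(html);
        if (html.contains("<script>")) {
            throw new IllegalStateException("query was written unescaped");
        }
    }
}
```

In a JSP that uses JSTL, `<c:out value="${param.query}"/>` performs the same escaping at the point of output.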