[MAGNOLIA-590] Cross Site Scripting Vulnerability (XSS) in Search template
Created: 01/Nov/05 | Updated: 30/Nov/12 | Resolved: 08/Mar/06 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 3.0 Beta 1 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Oliver Lietz | Assignee: | Fabrizio Giustina |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
file: webapp/templates/jsp/samples/search.jsp
User input/output is not escaped; an attacker could inject (script) code into the page and steal cookie/login information.
magnolia.info is also affected: This is a very simple XSS vulnerability test. |
| Comments |
| Comment by Oliver Lietz [ 01/Nov/05 ] |
|
— search.jsp-822 Tue Nov 1 10:06:47 2005
<jsp:text> <form name="mgnlsearch" action=""><input id="query" name="query"
<c:if test="${!empty(param.query)}">
<cmsu:simpleSearch query="${param.query}" var="results" /> |
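Review bot: the output points are missing from the quoted lines, so the escaping cannot be confirmed from what is shown. The `<input id="query" name="query"` line is cut off before any `value` attribute, and the `<cmsu:simpleSearch query="${param.query}" var="results" />` line only passes the parameter to the search tag. Wherever the query is written back into the page (the input's `value`, a "results for ..." heading), it should go through `<c:out value="${param.query}"/>` or `${fn:escapeXml(param.query)}` rather than a bare `${param.query}`, and text taken from `results` needs the same treatment when rendered. Posting the full hunk, including the lines that print the query, would let the escaping be checked.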
| Comment by Fabrizio Giustina [ 08/Mar/06 ] |
|
fixed in trunk (3.0) and in 2.x branch (2.1.6) |
| Comment by Greg Knaddison [ 30/Nov/12 ] |
|
Is this the appropriate way to post a security issue in the Magnolia CMS or do you keep them confidential? (I believe I have found a new XSS issue). |