beehive-dev mailing list archives

From "Scott L'Hommedieu (JIRA)" <j...@apache.org>
Subject [jira] Created: (BEEHIVE-1197) XSS Vulnerability in jpfScopeID
Date Thu, 07 Jun 2007 18:03:26 GMT
XSS Vulnerability in jpfScopeID
-------------------------------

                 Key: BEEHIVE-1197
                 URL: https://issues.apache.org/jira/browse/BEEHIVE-1197
             Project: Beehive
          Issue Type: Bug
          Components: NetUI
    Affects Versions: 1.0.2, 1.0.1, 1.0, v1m1, V1Beta, V1Alpha, V.Next
         Environment: Any
            Reporter: Scott L'Hommedieu


When processing a request to a URL such as http://xxx/xx.jfp?jpfScopeID="<script>, resulting links in the response will include the scope id as is, such as ?jpfScopeID="<>?.

Since jpfScopeID appending is not controlled by end user code, this behavior
possibly causes an XSS vulnerability.

For example, given a URL like
 .....submit.do?jpfScopeID=%22%3E%3Cscript%3Ealert('gotcha')%3C/script%3E

The browser will evaluate and run the script.

This affects several tags and scoping bits.

The fix is to HTML-encode the jpfScopeID in ScopedServletUtils and call that from tags and such.

I can attach a patch shortly.





-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

