tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christophe Cordenier (JIRA)" <j...@apache.org>
Subject [jira] Created: (TAP5-1262) XSS vulnerability in calendar component (apply to 5.1.0.x)
Date Wed, 01 Sep 2010 06:22:53 GMT
XSS vulnerability in calendar component (apply to 5.1.0.x)
----------------------------------------------------------

                 Key: TAP5-1262
                 URL: https://issues.apache.org/jira/browse/TAP5-1262
             Project: Tapestry 5
          Issue Type: Bug
          Components: tapestry-core
    Affects Versions: 5.1.0.5
            Reporter: Christophe Cordenier
            Assignee: Christophe Cordenier
             Fix For: 5.2.0


The calendar component provided in tapestry 5.1.0.5 could be used to allow code injection
by malicious web users into any page that uses datefield .

To reproduce the vulnerability, put js code like  <script>alert("T5 is great"); </script>
in any datefield  and click on the related calendar bitma

After quick search in the DateField.js, it seems like the field value is not escaping

escaping with a change like var value = escape($F(this.field));  the field value seems solve
this vulnerability.    




-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message