Return-Path: X-Original-To: apmail-lucene-dev-archive@www.apache.org Delivered-To: apmail-lucene-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9BA6B176E2 for ; Mon, 6 Apr 2015 16:52:13 +0000 (UTC) Received: (qmail 59958 invoked by uid 500); 6 Apr 2015 16:52:12 -0000 Delivered-To: apmail-lucene-dev-archive@lucene.apache.org Received: (qmail 59894 invoked by uid 500); 6 Apr 2015 16:52:12 -0000 Mailing-List: contact dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list dev@lucene.apache.org Received: (qmail 59879 invoked by uid 99); 6 Apr 2015 16:52:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Apr 2015 16:52:12 +0000 Date: Mon, 6 Apr 2015 16:52:12 +0000 (UTC) From: "Timothy Potter (JIRA)" To: dev@lucene.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (SOLR-7346) Stored XSS in Admin UI Schema-Browser page and Analysis page MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SOLR-7346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Timothy Potter resolved SOLR-7346. ---------------------------------- Resolution: Fixed Fix Version/s: 5.1 Trunk Assignee: Timothy Potter Thanks for your contribution Mei. > Stored XSS in Admin UI Schema-Browser page and Analysis page > ------------------------------------------------------------ > > Key: SOLR-7346 > URL: https://issues.apache.org/jira/browse/SOLR-7346 > Project: Solr > Issue Type: Bug > Components: UI > Affects Versions: 4.10.2, 5.0 > Environment: linux x86_64 > jdk 1.7.0.75 > apache tomcat-7.0.57 > solr 5.0.0 > Reporter: Mei Wang > Assignee: Timothy Potter > Labels: patch, security > Fix For: Trunk, 5.1 > > Original Estimate: 96h > Remaining Estimate: 96h > > Like CVE-2014-3628 , the vulnerability also exists in Admin UI Schema-Browser page and Analysis page, which was caused by improper validation of user-supplied input, for example, create fields by Schema API. When the Schema-Browser page or Analysis page url is clicked, an XSS will be triggered. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. > patch for solr5.0.0 > {noformat} > solr/webapp/web/js/scripts/schema-browser.js > --- schema-browser.js 2015-04-03 14:42:19.000000000 +0800 > +++ schema-browser_patch.js 2015-04-03 14:42:59.000000000 +0800 > @@ -596,7 +596,7 @@ > { > fields.push > ( > - '' > + '' > ); > } > if( 0 !== fields.length ) > solr/webapp/web/js/scripts/analysis.js > --- analysis.js 2015-04-03 14:22:34.000000000 +0800 > +++ analysis_patch.js 2015-04-03 14:23:09.000000000 +0800 > @@ -80,7 +80,7 @@ > { > fields.push > ( > - '' > + '' > ); > } > if( 0 !== fields.length ) > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org For additional commands, e-mail: dev-help@lucene.apache.org