lucene-solr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Chess (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SOLR-74) Cross-site scripting vulnerabilities
Date Wed, 29 Nov 2006 07:45:21 GMT
    [ http://issues.apache.org/jira/browse/SOLR-74?page=comments#action_12454244 ] 
            
Brian Chess commented on SOLR-74:
---------------------------------

Two problems in action.jsp:
100	 <td>
101	<%= action %><br>
102	</td> 

108	 <td>
109	<%= enableActionStatus %><br>
110	</td>


One in get-file.jsp:
59	 out.println("Permission denied for file "+ fname);

Three in analysis.jsp:
64	 <td>
65	<input class="std" name="name" type="text" value="<%= name %>">
66	</td>

80	 <td>
81	<textarea class="std" rows="3" cols="70" name="val"><%= val %></textarea>
82	</td>

92	 <td>
93	<textarea class="std" rows="1" cols="70" name="qval"><%= qval %></textarea>
94	</td>
95	</tr>




> Cross-site scripting vulnerabilities
> ------------------------------------
>
>                 Key: SOLR-74
>                 URL: http://issues.apache.org/jira/browse/SOLR-74
>             Project: Solr
>          Issue Type: Bug
>          Components: web gui
>            Reporter: Erik Hatcher
>
> There are a number of cross-site scripting vulnerabilities in the Solr admin JSP pages,
wherever data is being re-displayed as typed by the user.  
> For example, in analysis.jsp:  <textarea class="std" rows="1" cols="70" name="qval"><%=
qval %></textarea>
> These need to be modified to HTML escape the values rather than directly outputting the
exact values. 
> The other affected JSP pages: action.jsp and get-file.jsp

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message