ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (OFBIZ-178) Cross site scripting vulnerability in Forum
Date Fri, 01 Sep 2006 15:04:23 GMT
     [ http://issues.apache.org/jira/browse/OFBIZ-178?page=all ]

Jacques Le Roux reassigned OFBIZ-178:
-------------------------------------

    Assignee: Jacques Le Roux

> Cross site scripting vulnerability in Forum
> -------------------------------------------
>
>                 Key: OFBIZ-178
>                 URL: http://issues.apache.org/jira/browse/OFBIZ-178
>             Project: OFBiz (The Open for Business Project)
>          Issue Type: Bug
>          Components: ecommerce
>            Reporter: Eriks Dobelis
>         Assigned To: Jacques Le Roux
>
> Currently HTML tags are filtered from forum messages by client side javascript (whyzzywig.js).
If JavaScript is turned off (or local webproxy is used to filter or change the script), then
user can post a forum message containing any HTML code, including <script> tags, e.g.
<script>alert('test');</script>
> This is classic cross site scripting problem with all the consequences (e.g. writing
scripts to steal active cookies).
> Also, currently a lot is supplied as hidden fields, which probably means that user could
change that text. I have not checked that, but as there are fields like dataResourceTypeId,
contentTypeId then probably user can create any type of content.
> <input type="hidden" name="VIEW_INDEX"/>
> <input type="hidden" name="threadView"/>
> <input type="hidden" name="forumGroupId"/>
> <input type="hidden" name="dataResourceTypeId" value="ELECTRONIC_TEXT"/>
> <input type="hidden" name="forumId" value="ASK"/>
> <input type="hidden" name="contentName" value="New thread/message/response"/>
> <input type="hidden" name="contentTypeId" value="DOCUMENT"/>
> <input type="hidden" name="ownerContentId" value="ASK"/>
> <input type="hidden" name="contentIdTo" value="10007"/>
> <input type="hidden" name="contentAssocTypeId" value="RESPONSE"/>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message