roller-user mailing list archives

From <tim.fulc...@bt.com>
Subject XSS vulnerability in Roller 2.3.x ?
Date Thu, 11 Sep 2008 12:04:00 GMT
Hi

I'm still running a site running Roller 2.3.1
My customer seems to have found an issue whereby the search form on the
blog page seems vulnerable to XSS attack :-(

Just a few questions -
1 - Is this a known issue?
2 - Can I do anything about it? I wrote a Tomcat Valve to strip out
characters for another webapp but would this mess up Roller
functionality?
3 - Would migration to v3 or v4 fix the exploitation?

thanks

Tim
