Details
- Type: Bug
- Status: Closed
- Priority: Highest
- Resolution: Fixed
- Affects Version/s: 2.5
- Fix Version/s: 3.1-m7
- Component/s: Search - Core
Description
CONF-16888 has introduced or re-introduced an XSS vulnerability.
To reproduce:
- Create a new user, and for the Full Name use:
  <script>alert('Vulnerable')</script>
- Go to ../admin/indexbrowser.jsp and find the entry
- Click on the entry, and the script is executed.
This also happens for other content types.
Issue Links
- is caused by
  - CONFSERVER-16888 indexbrowser.jsp displays documents but links to details display nothing (Closed)