Details
Bug
Resolution: Fixed
Medium
4.2.11
None
7.5
Description
A scanner picked up that the pageId parameter in 500page.jsp is a potential reflected XSS bug. This can be exploited through a URL like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
<%
    String uri = (String)request.getAttribute("javax.servlet.error.request_uri");
    if(uri != null && uri.contains("editpage")) {
        String editDraft = context + "/pages/editpage.action?useDraft=true&pageId=" + request.getParameter("pageId");
%>
<div class="panel warning">
    <img id="draftNote" alt="" src="<%= context %>/images/icons/emoticons/warning.png">
    You can <a href="<%= editDraft %>">resume editing</a> the most recently saved draft of your page.
</div>
<% } %>
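One way to build the same link safely, as an added example that is not the fix shipped for this issue and not code from the project: the parameter is validated as a numeric id and the finished URL is HTML-attribute-encoded before it reaches the href. The class and method names are hypothetical, and the example assumes page ids are positive decimal integers.

```java
import java.util.Optional;

public class DraftLinkExample {

    // Assumption: page ids are positive decimal integers; anything else is rejected.
    static Optional<Long> parsePageId(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,18}")) {
            return Optional.empty();
        }
        return Optional.of(Long.parseLong(raw)); // 18 digits always fits in a long
    }

    // Encodes the characters that can terminate or alter a quoted HTML attribute value.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Returns the href value for the "resume editing" link, or empty if pageId is unusable.
    static Optional<String> editDraftHref(String context, String rawPageId) {
        return parsePageId(rawPageId).map(id ->
            escapeHtmlAttr(context + "/pages/editpage.action?useDraft=true&pageId=" + id));
    }

    public static void main(String[] args) {
        String context = "/wiki"; // constructed sample context path
        // Constructed inputs: a normal id, and the decoded value from the report's URL.
        String[] samples = { "123456", "\"><script>alert(1)</script>" };
        for (String raw : samples) {
            Optional<String> href = editDraftHref(context, raw);
            System.out.println(href.map(h -> "<a href=\"" + h + "\">resume editing</a>")
                                   .orElse("(no draft link rendered)"));
            // Encoding alone keeps the raw value inside the attribute if it must be echoed.
            System.out.println("  encoded raw value: " + escapeHtmlAttr(raw));
        }
    }
}
```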