CONF-16888 has introduced or re-introduced an XSS vulnerability.
- Create a new user, and for the Full Name use:
- Go to ../admin/indexbrowser.jsp and find the entry
- Click on the entry, and the script is executed.
This also happens for other content types.
- is caused by
CONFSERVER-16888 indexbrowser.jsp displays documents but links to details display nothing