  1. Confluence Data Center
  2. CONFSERVER-26270

Reflected XSS in the pageId request parameter in 500page.jsp


Details

    Description

      A scanner picked up that the pageId parameter in 500page.jsp is potentially a reflected XSS bug. This can be exploited through a URL like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

       
      
      
          <%
              String uri = (String)request.getAttribute("javax.servlet.error.request_uri");
              if(uri != null && uri.contains("editpage"))
              {
                  String editDraft = context + "/pages/editpage.action?useDraft=true&pageId=" + request.getParameter("pageId");
                  %>
                  <div class="panel warning">
                      <img id="draftNote" alt="" src="<%= context %>/images/icons/emoticons/warning.png">
                      You can <a href="<%= editDraft %>">resume editing</a> the most recently saved draft of your page.
                  </div>
              <% 
              }
          %>
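
The link construction from the snippet above next to a hardened form, as an added Java example that is not Atlassian's code or the fix that was shipped. It assumes page ids are numeric; `DraftLinkExample`, `escapeHtmlAttr`, `vulnerableAnchor`, `hardenedAnchor` and the `/confluence` context path are hypothetical names.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Optional;

// Added illustration; class, method names and the context path are hypothetical.
public class DraftLinkExample {

    // Minimal escaper for text placed inside a double-quoted HTML attribute.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Same concatenation as the JSP: the parameter reaches href unmodified.
    static String vulnerableAnchor(String context, String pageId) {
        String editDraft = context + "/pages/editpage.action?useDraft=true&pageId=" + pageId;
        return "<a href=\"" + editDraft + "\">resume editing</a>";
    }

    // Hardened: accept only a numeric id (assumption), then escape the URL on output.
    static Optional<String> hardenedAnchor(String context, String pageId) {
        if (pageId == null || !pageId.matches("[0-9]{1,18}")) {
            return Optional.empty(); // render the error page without the draft link
        }
        String editDraft = context + "/pages/editpage.action?useDraft=true&pageId="
                + Long.parseLong(pageId);
        return Optional.of("<a href=\"" + escapeHtmlAttr(editDraft) + "\">resume editing</a>");
    }

    public static void main(String[] args) {
        // pageId value from the URL in the report, as the container would decode it.
        String reported = URLDecoder.decode(
                "%22%3E%3Cscript%3Ealert(1)%3C/script%3E", StandardCharsets.UTF_8);
        System.out.println("vulnerable: " + vulnerableAnchor("/confluence", reported));
        System.out.println("hardened:   "
                + hardenedAnchor("/confluence", reported).orElse("(link omitted)"));
        System.out.println("valid id:   "
                + hardenedAnchor("/confluence", "12345").orElse("(link omitted)"));
    }
}
```

The allow-list check rejects the reported value before any markup is built, and the attribute escaping stays in place as a second layer for the rest of the URL.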
      


          People

            dblack David Black