- Type: Bug
- Resolution: Fixed
- Priority: Medium
- Affects Version/s: 4.2.11
- Component/s: None
- 7.5
A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected XSS bug. This can be exploited through a URL like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
<%
    String uri = (String)request.getAttribute("javax.servlet.error.request_uri");
    if(uri != null && uri.contains("editpage"))
    {
        String editDraft = context + "/pages/editpage.action?useDraft=true&pageId=" + request.getParameter("pageId");
%>
        <div class="panel warning">
            <img id="draftNote" alt="" src="<%= context %>/images/icons/emoticons/warning.png">
            You can <a href="<%= editDraft %>">resume editing</a> the most recently saved draft of your page.
        </div>
<%
    }
%>