Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3428

Reflected XSS in generic_form_row.jsp

XMLWordPrintable

      There are multiple reflected XSS issues in the generic_form_row.jsp JSP file included in both the crowd-demo-app and crowd-openid-server projects. The vulnerabilities are a result of outputting user controlled data without first HTML encoding in the request.getParameter() calls.

      generic_form_row.jsp
      <%@ page contentType="text/html;charset=UTF-8" language="java" %>

<div class="fieldArea required">

    <%
        if (request.getParameter("warning") != null) {
    %>
    <div class="errorBox">
                <%=request.getParameter("warning") %>
    </div>
    <%
        }
    %>

    <label class="fieldLabelArea">
        <%
            if (request.getParameter("label") != null) {
        %>
            <%=request.getParameter("label") %>:
        <%
            }
        %>
    </label>

    <div class="fieldValueArea">
        <%
            if (request.getParameter("value") != null) {
        %>
            <%=request.getParameter("value") %>
        <%
            }
        %>


        <div class="fieldDescription">
            <%
                if (request.getParameter("description") != null) {
            %>
                <%=request.getParameter("description") %>
            <%
                }
            %>
        </div>
    </div>
</div>

      The vulnerability can be triggered with a specially crafted URL like the following:

            [CWD-3428] Reflected XSS in generic_form_row.jsp

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1511162 ] New: JAC Bug Workflow v3 [ 3365608 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1393406 ] New: Simplified Crowd Development Workflow v2 - restricted [ 1511162 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 542525 ] New: Simplified Crowd Development Workflow v2 [ 1393406 ]
            Security Metrics Bot made changes -
            Labels Original: security security_codereview New: cvss-high security security_codereview
            VitalyA made changes -
            Labels Original: security security_codereview to-publish New: security security_codereview
            VitalyA made changes -
            Security Original: Reporters and Developers [ 10071 ]
            VitalyA made changes -
            Labels Original: security security_codereview New: security security_codereview to-publish
            Caspar Krieger (Inactive) made changes -
            Fix Version/s New: 2.6.5 [ 34791 ]
            Fix Version/s New: 2.5.6 [ 35791 ]
            Caspar Krieger (Inactive) made changes -
            Fix Version/s New: 2.4.11 [ 35790 ]
            Caspar Krieger (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Technical Review [ 10028 ] New: Resolved [ 5 ]

              ckrieger Caspar Krieger (Inactive)
              cee3f48a9671 Daniel
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: