Crowd Data Center / CWD-3428

Reflected XSS in generic_form_row.jsp


Details

    Description

      There are multiple reflected XSS issues in the generic_form_row.jsp JSP file, which is included in both the crowd-demo-app and crowd-openid-server projects. The vulnerabilities result from writing user-controlled data returned by the request.getParameter() calls to the page without first HTML-encoding it.

      generic_form_row.jsp
      <%@ page contentType="text/html;charset=UTF-8" language="java" %>
      
      <div class="fieldArea required">
      
          <%
              if (request.getParameter("warning") != null) {
          %>
          <div class="errorBox">
                      <%=request.getParameter("warning") %>
          </div>
          <%
              }
          %>
      
          <label class="fieldLabelArea">
              <%
                  if (request.getParameter("label") != null) {
              %>
                  <%=request.getParameter("label") %>:
              <%
                  }
              %>
          </label>
      
          <div class="fieldValueArea">
              <%
                  if (request.getParameter("value") != null) {
              %>
                  <%=request.getParameter("value") %>
              <%
                  }
              %>
      
      
              <div class="fieldDescription">
                  <%
                      if (request.getParameter("description") != null) {
                  %>
                      <%=request.getParameter("description") %>
                  <%
                      }
                  %>
              </div>
          </div>
      </div>
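
A hardened form of the listing above, added here as an example; it is not part of the original report and not the project's own fix. It assumes JSTL 1.2 is on the classpath and that all four parameters are meant to carry plain text rather than markup.

```jsp
<%-- Added example: encoded variant of generic_form_row.jsp.
     Assumptions: JSTL 1.2 is available; warning, label, value and
     description are plain text, not markup. --%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<div class="fieldArea required">

    <%-- c:out HTML-encodes &, <, >, " and ' by default (escapeXml="true"),
         so a parameter value can no longer close the surrounding element
         or open a new tag. --%>
    <c:if test="${param.warning != null}">
    <div class="errorBox">
        <c:out value="${param.warning}"/>
    </div>
    </c:if>

    <label class="fieldLabelArea">
        <c:if test="${param.label != null}">
            <c:out value="${param.label}"/>:
        </c:if>
    </label>

    <div class="fieldValueArea">
        <c:if test="${param.value != null}">
            <c:out value="${param.value}"/>
        </c:if>

        <div class="fieldDescription">
            <c:if test="${param.description != null}">
                <c:out value="${param.description}"/>
            </c:if>
        </div>
    </div>
</div>
```

All four values land in HTML element content, which is the context this encoding covers; a value placed inside an attribute, script block or URL would need the encoder for that context instead.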
      

      The vulnerability can be triggered with a specially crafted URL like the following:

          People

            ckrieger Caspar Krieger (Inactive)
            cee3f48a9671 Daniel