  1. Felix
  2. FELIX-6128

Issue in the bundle Web Console


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: webconsole-4.3.8
    • Fix Version/s: webconsole-4.3.10
    • Component/s: Web Console
    • Labels:
      None

      Description

      RunningSnail reported an XSS issue in the bundle Web Console.

      After logging in, I visit the page whose URL is http://127.0.0.1:8080/system/console/bundles.
      Then I click "Install/Update" and, before uploading a jar file, I change the content of the "MANIFEST.MF" in the jar file.

      So when an admin visits the page, he will be affected by the stored XSS.

      See attached images

        Attachments

        1. escape_bundle_name_and_manifest_headers.patch
          2 kB
          Ashok Kumar
        2. escape_bundle_name_and_other_manifest_headers.patch
          3 kB
          Ashok Kumar
        3. image002.png
          22 kB
          Antonio Sanso
        4. image003.png
          88 kB
          Antonio Sanso


            People

            • Assignee:
              karlpauls Karl Pauls
              Reporter:
              asanso Antonio Sanso
