[CAUSEWAY-3077] [Vulnerability] Scalar Value Output Rendering is not escaped. (XSS Vulnarability) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Resolved
Affects Version/s: None
Fix Version/s: 2.0.0-M8
Component/s: Viewer Wicket
Labels:
- vulnerability

Description

Problem is with Wicket Viewer's scalar value output rendering: string value gets interpreted/executed by the browser. Vulnerability was probably introduced post M7.

see
https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV

Attachments

Activity

People

Assignee:: Andi Huber

Reporter:: Jörg Rade

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Jun/22 13:05

Updated:: 23/Jun/22 09:01

Resolved:: 23/Jun/22 08:56