  1. Causeway
  2. CAUSEWAY-3077

[Vulnerability] Scalar Value Output Rendering is not escaped. (XSS Vulnerability)


Details

    Description

      The problem is with the Wicket Viewer's scalar value output rendering: a string value gets interpreted/executed by the browser. The vulnerability was probably introduced post M7.

      see
      https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV


          People

            hobrom Andi Huber
            joerg.rade Jörg Rade
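A regression check for the behaviour described in this issue, as an added example that is not Causeway code and not taken from the linked thread. It assumes wicket-core (with its test utilities) on the classpath and that the value is rendered through a Wicket `Label`; the issue does not say which component or setting is responsible, so the component id `scalarValue`, the class name and the sample value are constructed for illustration.

```java
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.util.tester.WicketTester;

/** Added example, not Causeway code: renders a String value through a Wicket
 *  Label with and without model-string escaping and inspects the response. */
public class ScalarEscapingCheck {

    // Constructed sample value: harmless markup standing in for untrusted property content.
    static final String VALUE = "<b>not bold</b> & \"quoted\"";

    /** Renders a Label holding VALUE and returns the HTML Wicket produced. */
    static String render(boolean escape) {
        WicketTester tester = new WicketTester();
        try {
            Label label = new Label("scalarValue", VALUE); // hypothetical component id
            label.setEscapeModelStrings(escape);
            tester.startComponentInPage(label);
            return tester.getLastResponseAsString();
        } finally {
            tester.destroy();
        }
    }

    /** True when the raw markup from VALUE reached the response unescaped. */
    static boolean leaksMarkup(String html) {
        return html.contains("<b>not bold</b>");
    }

    public static void main(String[] args) {
        String unescaped = render(false); // assumed cause: escaping switched off
        String escaped = render(true);    // Wicket's default for Label

        System.out.println("escaping off, raw markup in response: " + leaksMarkup(unescaped));
        System.out.println("escaping on,  raw markup in response: " + leaksMarkup(escaped));

        // Fail the check if the value reaches the browser as live markup.
        if (leaksMarkup(escaped) || !escaped.contains("&lt;b&gt;not bold&lt;/b&gt;")) {
            throw new AssertionError("scalar value was not HTML-escaped");
        }
    }
}
```

The same assertion can be pointed at any component the viewer uses for scalar output, so a later change that disables escaping fails the build instead of reaching a browser.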