Jackrabbit Content Repository / JCR-1925

CVE-2009-0026: Cross site scripting issues in webapp

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4, 1.5
    • Fix Version/s: 1.5.2
    • Component/s: jackrabbit-webapp
    • Labels: None

    Description

      Some of the jackrabbit-webapp forms don't properly escape user input when displaying it in the resulting HTML page. This leads to potential cross site scripting issues. For example:

      search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
      swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1

      The CVE id for this issue is CVE-2009-0026. This issue was reported by the Red Hat Security Response Team.

          People

            Assignee: Jukka Zitting (jukkaz)
            Reporter: Jukka Zitting (jukkaz)