JSPWiki / JSPWIKI-1093

Reflected XSS in JSPWiki v2.11.0-M1

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
    • Fix Version/s: 2.11.0-M3
    • Component/s: Templates and UI
    • Labels:
      None

      Description

      ---------- Forwarded message ---------
      From: Muthukumar Marikani <muthukumar.marikani@zohocorp.com>
      Date: Fri, Mar 15, 2019 at 1:14 PM
      Subject: Reflected XSS in JSPWiki v2.11.0-M1
      To: security <security@apache.org>

      Hi,

      I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1.

      [snip]

      An attacker can execute JavaScript in the victim's browser by sending a crafted URL to the victim.

      Recommended fix:

      Encode the values that come from the user end.

      Product: JSPWiki
      Version: v2.11.0-M1
      Verified in: Firefox 65.0.1, macOS 10.12.6
      Severity: Medium

      Regards,
      Muthukumar Marikani
      ZOHO-CRM Security Team

            People

            • Assignee: brushed
            • Reporter: brushed