Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-1108

interwiki links with illegal characters causes XSS vulnerability

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.11.0-M4
    • Component/s: Core & storage
    • Labels:
      None

      Description

      Create a inter wiki link with the text [<script>alert`1`</script>://test.com].

      You get an interwiki reference error, but also JS popup during edit(preview) and after saving the page.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              brushed Dirk Frederickx
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: