[JSPWIKI-1108] interwiki links with illegal characters causes XSS vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.11.0-M4
Component/s: Core & storage
Labels:
None

Description

Create a inter wiki link with the text [<script>alert`1`</script>://test.com].

You get an interwiki reference error, but also JS popup during edit(preview) and after saving the page.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dirk Frederickx

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Apr/19 18:05

Updated:: 29/May/19 22:29

Resolved:: 29/May/19 22:29