Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
2.4.104
-
None
Description
Description:
The following tags are observed to render content directly to the pageContext without output encoding, so XSS may be possible in each of them.
Recommendation:
Output-encode the value rendered to the user, for example with the "TextUtil.replaceEntities()" method.
Related Code Locations:
13 findings (8 distinct code locations; the CalendarTag.doWikiStartTag() finding at line 288 is reported six times):
Name: com.ecyrd.jspwiki.tags.CalendarTag.doWikiStartTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CalendarTag.java
Line / Col: 288 / 0
Context: out . java.io.Writer.write ( new java.lang.StringBuilder . java.lang.StringBuilder.append("<tr>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(prevCal, "<<", queryString)) . java.lang.StringBuilder.append("<td colspan=5 class\"mont\">") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthLink(cal)) . java.lang.StringBuilder.append("</td>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(nextCal, ">>", queryString)) . java.lang.StringBuilder.append("</tr>\n") . java.lang.StringBuilder.toString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.CookieTag.doEndTag():int
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CookieTag.java
Line / Col: 181 / 0
Context: this.pageContext . javax.servlet.jsp.PageContext.getOut() . javax.servlet.jsp.JspWriter.print ( out )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.EditorIteratorTag.doAfterBody():int
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\EditorIteratorTag.java
Line / Col: 112 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( this.bodyContent . javax.servlet.jsp.tagext.BodyContent.getString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.CalendarTag.doWikiStartTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CalendarTag.java
Line / Col: 288 / 0
Context: out . java.io.Writer.write ( new java.lang.StringBuilder . java.lang.StringBuilder.append("<tr>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(prevCal, "<<", queryString)) . java.lang.StringBuilder.append("<td colspan=5 class\"mont\">") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthLink(cal)) . java.lang.StringBuilder.append("</td>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(nextCal, ">>", queryString)) . java.lang.StringBuilder.append("</tr>\n") . java.lang.StringBuilder.toString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.CalendarTag.doWikiStartTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CalendarTag.java
Line / Col: 288 / 0
Context: out . java.io.Writer.write ( new java.lang.StringBuilder . java.lang.StringBuilder.append("<tr>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(prevCal, "<<", queryString)) . java.lang.StringBuilder.append("<td colspan=5 class\"mont\">") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthLink(cal)) . java.lang.StringBuilder.append("</td>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(nextCal, ">>", queryString)) . java.lang.StringBuilder.append("</tr>\n") . java.lang.StringBuilder.toString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.AttachmentsIteratorTag.doAfterBody():int
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\AttachmentsIteratorTag.java
Line / Col: 127 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( this.bodyContent . javax.servlet.jsp.tagext.BodyContent.getString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.CalendarTag.doWikiStartTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CalendarTag.java
Line / Col: 288 / 0
Context: out . java.io.Writer.write ( new java.lang.StringBuilder . java.lang.StringBuilder.append("<tr>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(prevCal, "<<", queryString)) . java.lang.StringBuilder.append("<td colspan=5 class\"mont\">") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthLink(cal)) . java.lang.StringBuilder.append("</td>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(nextCal, ">>", queryString)) . java.lang.StringBuilder.append("</tr>\n") . java.lang.StringBuilder.toString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.SearchResultIteratorTag.doAfterBody():int
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\SearchResultIteratorTag.java
Line / Col: 133 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( this.bodyContent . javax.servlet.jsp.tagext.BodyContent.getString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.IteratorTag.doAfterBody():int
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\IteratorTag.java
Line / Col: 142 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( this.bodyContent . javax.servlet.jsp.tagext.BodyContent.getString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.CalendarTag.doWikiStartTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CalendarTag.java
Line / Col: 288 / 0
Context: out . java.io.Writer.write ( new java.lang.StringBuilder . java.lang.StringBuilder.append("<tr>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(prevCal, "<<", queryString)) . java.lang.StringBuilder.append("<td colspan=5 class\"mont\">") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthLink(cal)) . java.lang.StringBuilder.append("</td>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(nextCal, ">>", queryString)) . java.lang.StringBuilder.append("</tr>\n") . java.lang.StringBuilder.toString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.HistoryIteratorTag.doAfterBody():int
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\HistoryIteratorTag.java
Line / Col: 112 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( this.bodyContent . javax.servlet.jsp.tagext.BodyContent.getString() )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.LinkTag.doEndTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\LinkTag.java
Line / Col: 425 / 0
Context: out . java.io.Writer.write ( linktext )
Notes:
-----------------------------------
Name: com.ecyrd.jspwiki.tags.CalendarTag.doWikiStartTag():int
Type: Vulnerability.Validation.EncodingRequired
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\tags\CalendarTag.java
Line / Col: 288 / 0
Context: out . java.io.Writer.write ( new java.lang.StringBuilder . java.lang.StringBuilder.append("<tr>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(prevCal, "<<", queryString)) . java.lang.StringBuilder.append("<td colspan=5 class\"mont\">") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthLink(cal)) . java.lang.StringBuilder.append("</td>") . java.lang.StringBuilder.append(com.ecyrd.jspwiki.tags.CalendarTag.getMonthNaviLink(nextCal, ">>", queryString)) . java.lang.StringBuilder.append("</tr>\n") . java.lang.StringBuilder.toString() )
Notes:
-----------------------------------