Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 2.4.104
- Fix Version/s: None
- Component/s: None
Description
1. The preview.jsp uses the "action" parameter directly without validation or output encoding.
2. PreviewContent.jsp outputs the edited text directly without output encoding.
Recommendation:
Output-encode every value rendered to the user, using the "TextUtil.replaceEntities()" method.
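As an added example (not JSPWiki's own code), the following Java shows a stand-in for an entity-replacing encoder such as TextUtil.replaceEntities() and applies it to the same kinds of values the findings flag: the "author", "link" and "remember" session attributes and the edited text. The hidden-field rendering and the sample session values are constructed for illustration and are assumptions, not taken from preview.jsp.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class PreviewEncoding {

    // Stand-in for TextUtil.replaceEntities(): escape the characters that let a
    // value break out of HTML text or a quoted attribute value.
    static String replaceEntities(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable shape reported by the findings: the raw value is printed into markup.
    static String hiddenFieldUnsafe(String name, Object value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\" />";
    }

    // Hardened shape: every untrusted value passes through the encoder before output.
    static String hiddenFieldSafe(String name, Object value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\""
             + replaceEntities(String.valueOf(value)) + "\" />";
    }

    public static void main(String[] args) {
        // Constructed sample session attributes (assumption): "author" carries a quote and a tag.
        Map<String, Object> session = new LinkedHashMap<>();
        session.put("author", "Ann \"Q\" <b>O'Neil</b>");
        session.put("link", "http://example.invalid/?a=1&b=2");
        session.put("remember", "true");
        for (Map.Entry<String, Object> e : session.entrySet()) {
            System.out.println("unsafe: " + hiddenFieldUnsafe(e.getKey(), e.getValue()));
            System.out.println("safe:   " + hiddenFieldSafe(e.getKey(), e.getValue()));
        }
        // The edited text printed by PreviewContent.jsp needs the same treatment.
        String editedText = "Preview: 1 < 2 && <i>italic</i>";
        System.out.println(replaceEntities(editedText));
    }
}
```

Each "unsafe" line shows the quote in the author value closing the attribute early, while the "safe" line keeps the whole value inside the attribute as encoded text.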
Related Code Locations:
5 findings:
Name: JSPWiki_2_4_104.templates.default_.editors.preview_jsp._jspService(javax.servlet.http.HttpServletRequest;javax.servlet.http.HttpServletResponse):void
Type: Vulnerability.CrossSiteScripting
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\templates\default\editors\preview.jsp
Line / Col: 22 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( session . javax.servlet.http.HttpSession.getAttribute("author") )
-----------------------------------
Name: JSPWiki_2_4_104.templates.default_.editors.preview_jsp._jspService(javax.servlet.http.HttpServletRequest;javax.servlet.http.HttpServletResponse):void
Type: Vulnerability.CrossSiteScripting
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\templates\default\editors\preview.jsp
Line / Col: 23 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( session . javax.servlet.http.HttpSession.getAttribute("link") )
-----------------------------------
Name: JSPWiki_2_4_104.templates.default_.PreviewContent_jsp._jspService(javax.servlet.http.HttpServletRequest;javax.servlet.http.HttpServletResponse):void
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\templates\default\PreviewContent.jsp
Line / Col: 12 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( getEditedText(pageContext) )
-----------------------------------
Name: JSPWiki_2_4_104.templates.default_.editors.preview_jsp._jspService(javax.servlet.http.HttpServletRequest;javax.servlet.http.HttpServletResponse):void
Type: Vulnerability.CrossSiteScripting
Severity: High
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\templates\default\editors\preview.jsp
Line / Col: 30 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( request . javax.servlet.ServletRequest.getRemoteAddr() )
-----------------------------------
Name: JSPWiki_2_4_104.templates.default_.editors.preview_jsp._jspService(javax.servlet.http.HttpServletRequest;javax.servlet.http.HttpServletResponse):void
Type: Vulnerability.CrossSiteScripting
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\templates\default\editors\preview.jsp
Line / Col: 24 / 0
Context: out . javax.servlet.jsp.JspWriter.print ( session . javax.servlet.http.HttpSession.getAttribute("remember") )
-----------------------------------