OFBiz / OFBIZ-1525 Issue to group security concerns / OFBIZ-11006

Create customer request screen breaks when entering special characters (CVE-2019-10074)

Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Release Branch 13.07, Release Branch 14.12, Release Branch 15.12, Release Branch 16.11, Release Branch 18.12, Release Branch 17.12
    • Fix Version/s: 16.11.06, 17.12.01, 18.12.01
    • Component/s: order
    • Labels: None
    • Sprint: Bug Crush Event - 21/2/2015

    Description

      For some reason the Create Customer Request form (component://order/widget/ordermgr/CustRequestForms.xml) doesn't encode the output of the "story" field. This breaks the screen when certain HTML or FreeMarker special characters are entered into the field.

      I don't see any good reason why this field in particular shouldn't be using encoding so I'm going to enable it again.
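
      An added illustration of the failure described above, not OFBiz code and not written by the issue reporter: a textarea named "story" rendered with and without output encoding, with a check for whether the stored value stayed inside the element. The class, methods and sample inputs are hypothetical, and only HTML special characters are covered.

```java
import java.util.List;

// Added illustration, not OFBiz code. Only the field name "story" comes from
// the issue; the class, methods and sample values are hypothetical.
public class StoryFieldEncoding {

    // Minimal HTML encoder for element content and quoted attribute values.
    static String encodeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Renders the field as a form renderer would, with or without output encoding.
    static String renderStory(String value, boolean encodeOutput) {
        String body = encodeOutput ? encodeHtml(value) : value;
        return "<textarea name=\"story\">" + body + "</textarea>";
    }

    // The screen is intact only if the value stayed inside the one textarea:
    // the first closing tag must also be the last thing in the markup.
    static boolean markupIntact(String html) {
        String close = "</textarea>";
        return html.indexOf(close) == html.length() - close.length();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<String> samples = List.of(
            "Printer on floor 2 is offline",
            "Price shows as <b>0</b> & total is wrong",
            "Template ends with </textarea><p>rest of page</p>");
        for (String s : samples) {
            System.out.printf("raw intact=%b  encoded intact=%b%n",
                markupIntact(renderStory(s, false)),
                markupIntact(renderStory(s, true)));
        }
    }
}
```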

          People

            Assignee: lektran Scott Gray
            Reporter: lektran Scott Gray