Details
Description
It's a copy of http://jira.undersunconsulting.com/browse/OFBIZ-559 from Olivier Lietz.
===========================================================
Very simple test:
/ecommerce/control/keywordsearch?SEARCH_STRING=<script>alert("XSS");</script>
Other components beside ecommerce are also affected.
Attachments
Issue Links
- is part of
-
OFBIZ-1525 Issue to group security concerns
- Open
- is related to
-
OFBIZ-178 Cross site scripting vulnerability in Forum
- Closed
-
OFBIZ-1193 html code is not sanitized in all the text input field
- Closed