[SLING-11622] Unexpected input may cause xss risk in Taxonomy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: App CMS 1.1.0
Fix Version/s: App CMS 1.1.2
Component/s: App CMS
Labels:
None

Description

when we use sling-cms demo ，we find it that input in [+taxonomy item] may cause the XSS vulnerability。

some one like eg.

//代码占位符
"><svg onload=alert('xss')></svg>

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2022-10-18-16-09-21-603.png
18/Oct/22 08:10
69 kB
QSec-Team
image-2022-10-18-16-09-45-520.png
18/Oct/22 08:11
157 kB
QSec-Team

Activity

People

Assignee:: Dan Klco

Reporter:: QSec-Team

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Oct/22 08:12

Updated:: 02/Nov/22 11:56

Resolved:: 02/Nov/22 11:56