Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-2974

XSS vulnerability in AbstractAuthenticationFormServlet

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Auth Core 1.1.2
    • Auth Core 1.1.4
    • Authentication
    • None

    Description

      The AbstractAuthenticationFormServlet replaces placeholders in an HTML page with user-provided input without taking care of proper escaping of the input. Hence it is possible to construct an XSS-attack exploiting this servlet.

      This is made worse by the fact that this servlet doesn't provide an obvious way to disable it. Setting the sling.servlet.path="-" using content based configuration did the trick in my case, however.

      Attachments

        Activity

          People

            cziegeler Carsten Ziegeler
            jsedding Julian Sedding
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: