Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Auth Core 1.1.2
None
Description
The AbstractAuthenticationFormServlet replaces placeholders in an HTML page with user-provided input without taking care of proper escaping of the input. Hence it is possible to construct an XSS attack exploiting this servlet.
This is made worse by the fact that this servlet doesn't provide an obvious way to disable it. Setting sling.servlet.path="-" using content-based configuration did the trick in my case, however.
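The bug class in the report is plain string substitution of request values into an HTML template. The following is an added, self-contained illustration and is not Sling's own servlet code: the template, the placeholder names (${resource}, ${reason}) and the attacker-controlled values are assumptions made here to show the unescaped substitution beside an escaped version.

```java
import java.util.Map;

/**
 * Added illustration of the placeholder-substitution XSS described in the
 * report. Not code from Apache Sling; template, placeholder names and
 * sample values are assumptions for this example.
 */
public class FormPlaceholderDemo {

    // Assumed login-form template. Values land in an attribute context
    // (${resource}) and in a text context (${reason}).
    static final String TEMPLATE =
        "<form action=\"/j_security_check\" method=\"post\">"
      + "<input type=\"hidden\" name=\"resource\" value=\"${resource}\"/>"
      + "<p class=\"reason\">${reason}</p>"
      + "</form>";

    /** Vulnerable: request-derived values are spliced into the markup as-is. */
    static String renderUnescaped(Map<String, String> values) {
        String html = TEMPLATE;
        for (Map.Entry<String, String> e : values.entrySet()) {
            html = html.replace("${" + e.getKey() + "}", e.getValue());
        }
        return html;
    }

    /** Hardened: every value is HTML-escaped before it reaches the template. */
    static String renderEscaped(Map<String, String> values) {
        String html = TEMPLATE;
        for (Map.Entry<String, String> e : values.entrySet()) {
            html = html.replace("${" + e.getKey() + "}", escapeHtml(e.getValue()));
        }
        return html;
    }

    /** Escaping sufficient for element text and double-quoted attribute values. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled values, as they might arrive in a
        // crafted login URL. One breaks out of the attribute, one injects an element.
        Map<String, String> values = Map.of(
            "resource", "\"><script>alert(1)</script><input value=\"",
            "reason",   "<img src=x onerror=alert(document.cookie)>");

        String vulnerable = renderUnescaped(values);
        String hardened   = renderEscaped(values);

        System.out.println("unescaped output contains <script>: " + vulnerable.contains("<script>"));
        System.out.println("escaped output contains <script>:   " + hardened.contains("<script>"));
        System.out.println(hardened);
    }
}
```

Two points worth checking in any fix of this shape: the escaping must match every context a placeholder sits in (a value inside a quoted attribute needs `"` escaped, not just `<`), and sequential `replace` calls let one value smuggle a later placeholder into the page, so a single-pass substitution that escapes each value once is the safer structure.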