Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- Servlets Resolver 2.5.2
- None
Description
Issue summary: An XSS is possible in the system console.
Steps to reproduce:
Scenario 1:
- Open a local instance.
- Open the link http://localhost:4502/system/console/services?filter=%22onmouseover=%22alert(%27xss%27)%22 in Internet Explorer.
- Chrome automatically flags the XSS payload and prevents the page from loading.
Scenario 2:
- Open a local instance.
- Open the link http://localhost:4502/system/console/servletresolver?url=%2Fcontent%2Fdam%3Cscript%3Ealert%28%27123%27%29%3C%2Fscript%3E&method=GET in Internet Explorer.
- Chrome automatically flags the XSS payload and prevents the page from loading.
Expected behavior: The alert pop-up should not appear.
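Both scenarios reflect a query parameter (`filter`, `url`) into the console's HTML without escaping it. The Java example below is added here and is not Sling's or the Felix Web Console's own code: it percent-decodes the two payloads from the report the way a servlet container decodes parameters, then shows raw concatenation beside an HTML-escaping version of the same markup. The output contexts are assumptions (an attribute value for `filter`, because that payload opens with a quote; element text for `url`); the console's real templates are not on this page. `URLDecoder.decode(String, Charset)` requires Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class ConsoleParamEscaping {

    // Replaces the five HTML metacharacters so a parameter value can neither
    // close an attribute nor open a tag, whichever context it is written into.
    public static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumed attribute-value context for the filter parameter.
    // Vulnerable form: the value is concatenated raw into the markup.
    public static String renderFilterUnsafe(String filter) {
        return "<input name=\"filter\" value=\"" + filter + "\">";
    }

    // Hardened form: identical markup, value escaped at output time.
    public static String renderFilterSafe(String filter) {
        return "<input name=\"filter\" value=\"" + escapeHtml(filter) + "\">";
    }

    // Assumed element-text context for the url parameter.
    public static String renderUrlUnsafe(String url) {
        return "<td>" + url + "</td>";
    }

    public static String renderUrlSafe(String url) {
        return "<td>" + escapeHtml(url) + "</td>";
    }

    // True when the decoded payload appears verbatim in the rendered fragment,
    // i.e. its quotes and angle brackets were written out unchanged.
    public static boolean containsRawPayload(String rendered, String payload) {
        return rendered.contains(payload);
    }

    public static void main(String[] args) {
        // Constructed inputs: the two query-string values from the report,
        // decoded as the servlet container would decode request parameters.
        String filter = URLDecoder.decode(
                "%22onmouseover=%22alert(%27xss%27)%22", StandardCharsets.UTF_8);
        String url = URLDecoder.decode(
                "%2Fcontent%2Fdam%3Cscript%3Ealert%28%27123%27%29%3C%2Fscript%3E", StandardCharsets.UTF_8);

        System.out.println("filter, unsafe: " + renderFilterUnsafe(filter));
        System.out.println("filter, safe:   " + renderFilterSafe(filter));
        System.out.println("url, unsafe:    " + renderUrlUnsafe(url));
        System.out.println("url, safe:      " + renderUrlSafe(url));
        System.out.println("raw payload in safe filter output: "
                + containsRawPayload(renderFilterSafe(filter), filter));
        System.out.println("raw payload in safe url output:    "
                + containsRawPayload(renderUrlSafe(url), url));
    }
}
```

Compile and run with `javac ConsoleParamEscaping.java && java ConsoleParamEscaping`. The unsafe lines show the decoded payload landing intact in the page, which is exactly what the report's alert pop-ups demonstrate; the safe lines show the same value rendered as inert text. In a real code base, use a maintained encoder rather than a hand-written one, but the property to check is the same: every reflected parameter is encoded at output time for the context it is written into.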