  1. Solr
  2. SOLR-1031

XSS vulnerability in schema.jsp (patch included)

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2, 1.3
    • Fix Version/s: 1.4
    • Component/s: Admin UI
    • Labels: None

    Description

      If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.

      The javascript will appear in the "Top Terms" part of the UI.

      I have created a simple patch to prevent this problem from occurring.

      Attachments

        1. SOLR-1031.patch
          0.9 kB
          Peter Wolanin
        2. SchemaXSS.patch
          0.9 kB
          Paul Lovvik

          People

            Assignee: Unassigned
            Reporter: Paul Lovvik (paul.lovvik)

            Dates

              Created:
              Updated:
              Resolved: