Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-1031

XSS vulnerability in schema.jsp (patch included)

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2, 1.3
    • Fix Version/s: 1.4
    • Component/s: Admin UI
    • Labels:
      None

      Description

      If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.

      The javascript will appear in the "Top Terms" part of the UI.

      I have created a simple patch to prevent this problem from occurring.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              paul.lovvik Paul Lovvik

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment