  1. Solr
  2. SOLR-1031

XSS vulnerability in schema.jsp (patch included)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2, 1.3
    • Fix Version/s: 1.4
    • Component/s: Admin UI
    • Labels:
      None

      Description

      If JavaScript is embedded in any of the fields, it is possible for that JavaScript to be executed when viewing the schema.

      The JavaScript will appear in the "Top Terms" part of the UI.

      I have created a simple patch to prevent this problem from occurring.

        Attachments

        1. SOLR-1031.patch
          0.9 kB
          Peter Wolanin
        2. SchemaXSS.patch
          0.9 kB
          Paul Lovvik

            People

            • Assignee: Unassigned
            • Reporter: Paul Lovvik (paul.lovvik)