Solr / SOLR-1031

XSS vulnerability in schema.jsp (patch included)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2, 1.3
    • Fix Version/s: 1.4
    • Component/s: web gui
    • Labels:
      None

      Description

      If JavaScript is embedded in any of the fields, it is possible for that JavaScript to be executed when viewing the schema.

      The JavaScript will appear in the "Top Terms" part of the UI.

      I have created a simple patch to prevent this problem from occurring.

      1. SOLR-1031.patch
        0.9 kB
        Peter Wolanin
      2. SchemaXSS.patch
        0.9 kB
        Paul Lovvik


          People

          • Assignee:
            Unassigned
            Reporter:
            Paul Lovvik
          • Votes:
            0
            Watchers:
            1
