Solr
  1. Solr
  2. SOLR-1031

XSS vulnerability in schema.jsp (patch included)

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2, 1.3
    • Fix Version/s: 1.4
    • Component/s: web gui
    • Labels:
      None

      Description

      If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.

      The javascript will appear in the "Top Terms" part of the UI.

      I have created a simple patch to prevent this problem from occurring.

      1. SOLR-1031.patch
        0.9 kB
        Peter Wolanin
      2. SchemaXSS.patch
        0.9 kB
        Paul Lovvik

        Activity

        Paul Lovvik created issue -
        Paul Lovvik made changes -
        Field Original Value New Value
        Attachment SchemaXSS.patch [ 12400638 ]
        Paul Lovvik made changes -
        Description If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.

        The javascript will appear in the "Top Terms" part of the UI.

        I have created a simple patch to prevent this problem from occurring.


        Hmmm... I apparently can't attach the patch, so here is the patch text:

        Index: src/webapp/web/admin/schema.jsp
        ===================================================================
        --- src/webapp/web/admin/schema.jsp (revision 746406)
        +++ src/webapp/web/admin/schema.jsp (working copy)
        @@ -490,14 +490,10 @@
                 
                 var numTerms = 0;
                 $.each(topTerms, function(term, count) {
        - var row = document.createElement('tr');
        - var c1 = document.createElement('td');
        - c1.innerHTML=term;
        - var c2 = document.createElement('td');
        - c2.innerHTML=count;
        - row.appendChild(c1);
        - row.appendChild(c2);
        - tbody.appendChild(row);
        + var c1 = $('<td>').text(term);
        + var c2 = $('<td>').text(count);
        + var row = $('<tr>').append(c1).append(c2);
        + tbody.appendChild(row.get(0));
                   numTerms++;
                 });
                 tbl.appendChild(tbody);
        If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.

        The javascript will appear in the "Top Terms" part of the UI.

        I have created a simple patch to prevent this problem from occurring.
        Peter Wolanin made changes -
        Attachment SOLR-1031.patch [ 12400647 ]
        Erik Hatcher made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Erik Hatcher made changes -
        Fix Version/s 1.4 [ 12313351 ]
        Grant Ingersoll made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Paul Lovvik
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development