Details
Description
Like CVE-2014-3628 , the vulnerability also exists in Admin UI Schema-Browser page and Analysis page, which was caused by improper validation of user-supplied input, for example, create fields by Schema API. When the Schema-Browser page or Analysis page url is clicked, an XSS will be triggered. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
patch for solr5.0.0
solr/webapp/web/js/scripts/schema-browser.js --- schema-browser.js 2015-04-03 14:42:19.000000000 +0800 +++ schema-browser_patch.js 2015-04-03 14:42:59.000000000 +0800 @@ -596,7 +596,7 @@ { fields.push ( - '<option value="?field=' + field_name + '">' + field_name + '</option>' + '<option value="?field=' + field_name.esc() + '">' + field_name.esc() + '</option>' ); } if( 0 !== fields.length ) solr/webapp/web/js/scripts/analysis.js --- analysis.js 2015-04-03 14:22:34.000000000 +0800 +++ analysis_patch.js 2015-04-03 14:23:09.000000000 +0800 @@ -80,7 +80,7 @@ { fields.push ( - '<option value="fieldname=' + field_name + '">' + field_name + '</option>' + '<option value="fieldname=' + field_name.esc() + '">' + field_name.esc() + '</option>' ); } if( 0 !== fields.length )