Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-7346

Stored XSS in Admin UI Schema-Browser page and Analysis page

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 4.10.2, 5.0
    • 5.1, 6.0
    • Admin UI
    • linux x86_64
      jdk 1.7.0.75
      apache tomcat-7.0.57
      solr 5.0.0

    Description

      Like CVE-2014-3628 , the vulnerability also exists in Admin UI Schema-Browser page and Analysis page, which was caused by improper validation of user-supplied input, for example, create fields by Schema API. When the Schema-Browser page or Analysis page url is clicked, an XSS will be triggered. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
      patch for solr5.0.0

      solr/webapp/web/js/scripts/schema-browser.js
          --- schema-browser.js   2015-04-03 14:42:19.000000000 +0800
      +++ schema-browser_patch.js     2015-04-03 14:42:59.000000000 +0800
      @@ -596,7 +596,7 @@
                           {
                             fields.push
                             (
      -                        '<option value="?field=' + field_name + '">' + field_name + '</option>'
      +                        '<option value="?field=' + field_name.esc() + '">' + field_name.esc() + '</option>'
                             );
                           }
                           if( 0 !== fields.length )
      
      solr/webapp/web/js/scripts/analysis.js
      --- analysis.js 2015-04-03 14:22:34.000000000 +0800
      +++ analysis_patch.js   2015-04-03 14:23:09.000000000 +0800
      @@ -80,7 +80,7 @@
                     {
                       fields.push
                       (
      -                  '<option value="fieldname=' + field_name + '">' + field_name + '</option>'
      +                  '<option value="fieldname=' + field_name.esc() + '">' + field_name.esc() + '</option>'
                       );
                     }
                     if( 0 !== fields.length )
      

      Attachments

        Activity

          People

            thelabdude Timothy Potter
            meilin Mei Wang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 96h
                96h
                Remaining:
                Remaining Estimate - 96h
                96h
                Logged:
                Time Spent - Not Specified
                Not Specified