Details
Major Description
Like CVE-2014-3628 , the vulnerability also exists in Admin UI Schema-Browser page and Analysis page, which was caused by improper validation of user-supplied input, for example, create fields by Schema API. When the Schema-Browser page or Analysis page url is clicked, an XSS will be triggered. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
patch for solr5.0.0
solr/webapp/web/js/scripts/schema-browser.js
--- schema-browser.js 2015-04-03 14:42:19.000000000 +0800
+++ schema-browser_patch.js 2015-04-03 14:42:59.000000000 +0800
@@ -596,7 +596,7 @@
{
fields.push
(
- '<option value="?field=' + field_name + '">' + field_name + '</option>'
+ '<option value="?field=' + field_name.esc() + '">' + field_name.esc() + '</option>'
);
}
if( 0 !== fields.length )
solr/webapp/web/js/scripts/analysis.js
--- analysis.js 2015-04-03 14:22:34.000000000 +0800
+++ analysis_patch.js 2015-04-03 14:23:09.000000000 +0800
@@ -80,7 +80,7 @@
{
fields.push
(
- '<option value="fieldname=' + field_name + '">' + field_name + '</option>'
+ '<option value="fieldname=' + field_name.esc() + '">' + field_name.esc() + '</option>'
);
}
if( 0 !== fields.length )
