Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-7949

Thers is a xss issue in plugins/stats page of Admin Web UI.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.9, 4.10.4, 5.2.1
    • Fix Version/s: 5.3.1, 5.4, 6.0
    • Component/s: Admin UI
    • Labels:
      None

      Description

      Open Solr Admin Web UI, select a core(such as collection1) and then click "Plugins/stats",and type a url like "http://127.0.0.1:8983/solr/#/collection1/plugins/cache?entry=score=<img src=1 onerror=alert(1);> to the browser address, you will get alert box with "1".

      I changed follow code to resolve this problem:
      The Original code:
      for( var i = 0; i < entry_count; i++ )

      { $( 'a[data-bean="' + entries[i] + '"]', frame_element ) .parent().addClass( 'expanded' ); }

      The Changed code:
      for( var i = 0; i < entry_count; i++ )

      { $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element ) .parent().addClass( 'expanded' ); }

        Attachments

          Activity

            People

            • Assignee:
              janhoy Jan Høydahl
              Reporter:
              davidchiu davidchiu
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: