MyFaces Tomahawk / TOMAHAWK-983

Cross-site scripting in autoscroll parameter

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.1, 1.1.2, 1.1.3, 1.1.5
    • Fix Version/s: 1.1.6
    • Component/s: ExtensionsFilter
    • Labels:
      None
    • Environment:
      Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7d

      Description

      The autoscroll parameter inserted in the requests is vulnerable to cross-site scripting attacks.
      If the POST request containing the autoscroll parameter is fuzzed to include something on the lines of "autoScroll=0%2C275);//--></script><IMG%20src="bla"%20onerror="alert(document.cookie)"><script>( ", one can see the JavaScript pop-up. This appears to be a vulnerability throughout the JSF apps.
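
      Added example (not part of the original report and not the project's actual fix): one way to keep a value like this out of script context is to parse it as two integers and emit only the parsed numbers. The class and method names and the window.scrollTo output are hypothetical, and the "x,y" format is an assumption drawn from the "0%2C275" prefix in the report.

```java
import java.net.URLDecoder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AutoScrollParam {
    // Assumption: a legitimate value is two non-negative pixel offsets "x,y",
    // as in the "0,275" prefix of the reported request.
    private static final Pattern COORDS = Pattern.compile("(\\d{1,7}),(\\d{1,7})");

    /** Returns {x, y} if the decoded value is exactly two integers, otherwise null. */
    static int[] parse(String decoded) {
        if (decoded == null) return null;
        Matcher m = COORDS.matcher(decoded.trim());
        if (!m.matches()) return null;   // whole-string match: trailing text is refused
        return new int[] { Integer.parseInt(m.group(1)), Integer.parseInt(m.group(2)) };
    }

    /** Builds the script from the parsed ints only, never from the raw string. */
    static String renderScroll(String decoded) {
        int[] xy = parse(decoded);
        if (xy == null) return "";       // drop invalid input instead of echoing it
        return "<script type=\"text/javascript\">window.scrollTo("
                + xy[0] + "," + xy[1] + ");</script>";
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {
            "0%2C275",                   // constructed: well-formed value
            // the value quoted in the report above
            "0%2C275);//--></script><IMG%20src=\"bla\"%20onerror=\"alert(document.cookie)\"><script>(",
            "12,abc",                    // constructed: non-numeric second field
        };
        for (String raw : samples) {
            String decoded = URLDecoder.decode(raw, "UTF-8");
            String out = renderScroll(decoded);
            System.out.println(out.isEmpty() ? "rejected: " + decoded : "rendered: " + out);
        }
    }
}
```

      Only the first sample produces a script element; the other two are rejected because the whole decoded string has to match the two-integer pattern.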

          Activity

          Manfred Geiler added a comment - - edited

          Thanks rajat for submitting this issue.
          Sorry for the delay. A priority "Critical" would have given this issue more attention...

          rajat added a comment -

          Thanks Manfred for fixing this. In hindsight, it would have made more sense to put it as critical as it was a universal issue. Will keep it in mind for future vulnerabilities.

          Roland Schaal added a comment -

          Can anybody tell me, what has been done to fix this issue?
          I somehow don't see any difference comparing tomahawk-1.1.5.jar with tomahawk-1.1.6.jar?!

          Thank you!

          Manfred Geiler added a comment -

          The HtmlRendererUtils class is different!

          Matthias Weßendorf added a comment -

          check the "Subversion Commits" tab


            People

            • Assignee:
              Manfred Geiler
              Reporter:
              rajat