MyFaces Tomahawk
  1. MyFaces Tomahawk
  2. TOMAHAWK-983

Cross-site scripting in autoscroll parameter

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.1, 1.1.2, 1.1.3, 1.1.5
    • Fix Version/s: 1.1.6
    • Component/s: ExtensionsFilter
    • Labels:
      None
    • Environment:
      Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7d

      Description

      The autoscroll parameter inserted in the requests is vulnerable to cross-site scripting attacks.
      If the POST request containing the autoscroll parameter is fuzzed to include something on the lines of "autoScroll=0%2C275);//--></script><IMG%20src="bla"%20onerror="alert(document.cookie)"><script>( ", one can see the JavaScript pop-up. This appears to be a vulnerability throughout the JSF apps.

        Issue Links

          Activity

          Leonardo Uribe made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Manfred Geiler made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          Manfred Geiler made changes -
          Link This issue is duplicated by TOMAHAWK-1021 [ TOMAHAWK-1021 ]
          Manfred Geiler made changes -
          Component/s AJAX Form Components [ 12311445 ]
          Component/s ExtensionsFilter [ 12310927 ]
          Manfred Geiler made changes -
          Field Original Value New Value
          Affects Version/s 1.1.3 [ 12311951 ]
          Assignee Manfred Geiler [ manolito ]
          Affects Version/s 1.1.1 [ 12310821 ]
          Fix Version/s 1.1.6 [ 12312536 ]
          Affects Version/s 1.1.5 [ 12312397 ]
          Affects Version/s 1.1.2 [ 12311050 ]
          Priority Major [ 3 ] Critical [ 2 ]
          rajat created issue -

            People

            • Assignee:
              Manfred Geiler
              Reporter:
              rajat
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development