Struts 2 / WW-3608

Java Template defaults to opening up an XSS vulnerability


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: 2.3.1
    • Component/s: None

    Description

      The following components do not escape input by default on submission: FileHandler, HiddenHandler, PasswordHandler, ResetHandler, SelectHandler, SubmitHandler, and TextFieldHandler. This opens up an XSS vulnerability by default.

      They currently do something like:

      .addIfExists("value", params.get("nameValue"), false)

      instead of:

      .addIfExists("value", params.get("nameValue"), true)

      I vote it defaults to escaping. Having an attribute added to toggle it would be nice too.
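The report's point is the third argument: it decides whether the submitted value is HTML-encoded before being written back into the tag, and a value written with the flag set to false can close the attribute it is placed in. The following is an added illustration, not code from this page or from the Struts Java template plugin; the `Attributes` class, the `escapeHtmlAttr` helper and `renderTextField` are hypothetical stand-ins that mirror the (name, value, encode) call shape quoted above, and the attacker-controlled value is a constructed example.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical stand-in for an attribute builder of the kind used by Java templates.
// It is not the Struts class; it only reproduces the (name, value, encode) call shape.
public class AttributeEscapingDemo {

    static final class Attributes {
        private final Map<String, String> attrs = new LinkedHashMap<>();

        // Skips null values; encodes the value only when the caller asks for it,
        // which is exactly the decision the bug report is about.
        Attributes addIfExists(String name, Object value, boolean encode) {
            if (value == null) {
                return this;
            }
            String s = String.valueOf(value);
            attrs.put(name, encode ? escapeHtmlAttr(s) : s);
            return this;
        }

        // Renders the collected attributes as name="value" pairs.
        String render() {
            StringBuilder sb = new StringBuilder();
            for (Map.Entry<String, String> e : attrs.entrySet()) {
                sb.append(' ').append(e.getKey()).append("=\"").append(e.getValue()).append('"');
            }
            return sb.toString();
        }
    }

    // Minimal encoder for a double-quoted HTML attribute: the five characters that can
    // terminate the attribute, start a tag, or start an entity are replaced by entities.
    static String escapeHtmlAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Emits a text field the way a template handler would when redisplaying a submitted value.
    static String renderTextField(String name, String submittedValue, boolean encode) {
        return "<input type=\"text\""
                + new Attributes()
                    .addIfExists("name", name, encode)
                    .addIfExists("value", submittedValue, encode)
                    .render()
                + "/>";
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled value, as it would arrive in a form resubmission.
        String payload = "\" autofocus onfocus=\"alert(1)";

        System.out.println("encode=false: " + renderTextField("q", payload, false));
        System.out.println("encode=true:  " + renderTextField("q", payload, true));
    }
}
```

With `encode=false` the double quote at the start of the submitted value closes the `value` attribute, and the browser parses the rest of the string as further attributes on the same `<input>`, which is the injection the report describes. With `encode=true` every quote is written as `&quot;` and the whole string stays inside the attribute. The exposure does not depend on which handler writes the value; any call that passes request data with the flag set to false behaves the same way.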

People

  Assignee: Maurizio Cucchiara (maurizio.cucchiara)
  Reporter: Dustin Digmann (ddigmann)
  Votes: 0
  Watchers: 0