Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4507

Struts 2 XSS vulnerability with <s:textfield>

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.3.16.3
    • 2.3.28, 2.5
    • None
    • Operating System: Windows 7. Application Server: JBoss-4.2.1.GA. Java: jdk1.5.0.11. Developloment Framework: Struts 2.3.16.3. Browser: FireFox 38.0.1

    Description

      WhiteHat Security (whitehatsec.com) has found an xss vulnerability with the <s:textfield> tag. When loading a url in a browser with some param name, in this case "myinput", and the jsp being loaded has the tag <s:textfield name="myinput" id="myinput"></s:textfield>, an alert message is popped open in the browser- which is WhiteHat's method of showing the vulnerability. Example url is: http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rgielen René Gielen
            greaserscc@gmail.com brian neisen
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment