[jira] [Resolved] (FELIX-3010) XSS in Felix Web Console

Carsten Ziegeler (JIRA) Sat, 16 Jul 2011 10:30:27 -0700

     [ 
https://issues.apache.org/jira/browse/FELIX-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Carsten Ziegeler resolved FELIX-3010.
-------------------------------------

    Resolution: Fixed

The pid and filter pid is now filtered against invalid characters
Changed in revision 1147461

> XSS in Felix Web Console
> ------------------------
>
>                 Key: FELIX-3010
>                 URL: https://issues.apache.org/jira/browse/FELIX-3010
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: webconsole-3.1.8
>            Reporter: Lars Krapf
>            Assignee: Carsten Ziegeler
>              Labels: console, felix, xss
>             Fix For: webconsole-3.1.10
>
>
> http://localhost:4502/system/console/configMgr/%3Cscript%3Ealert(23);%3C/script%3E

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (FELIX-3010) XSS in Felix Web Console

Reply via email to