[jira] [Commented] (FELIX-6128) Issue in the bundle Web Console

Ashok Kumar (JIRA) Thu, 09 May 2019 05:59:15 -0700


    [ 
https://issues.apache.org/jira/browse/FELIX-6128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16836360#comment-16836360
 ]


Ashok Kumar commented on FELIX-6128:
------------------------------------

New patch - escape_bundle_name_and_other_manifest_headers.patch , which takes 
care of manifest headers listing along with bundle name. 

> Issue in the bundle Web Console
> -------------------------------
>
>                 Key: FELIX-6128
>                 URL: https://issues.apache.org/jira/browse/FELIX-6128
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>            Reporter: Antonio Sanso
>            Assignee: Karl Pauls
>            Priority: Major
>         Attachments: escape_bundle_name_and_other_manifest_headers.patch, 
> image002.png, image003.png
>
>
> RunningSnail  reported an XSS issue in the bundle Web Console.
> After logining,I visit the page whose url is 
> http://127.0.0.1:8080/system/console/bundles.
> Then I click "Install/Update" and before uploading a jar file,I change the 
> content of the "MANIFEST.MF" in the jar file.
> So when an admin visit the page,he will be affected by the stored xss. 
> See attached images



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (FELIX-6128) Issue in the bundle Web Console

Reply via email to