[jira] [Updated] (ISIS-3077) [Vulnerability] All HTML Inputs need to be Escaped in Order to Avoid XSS Vulnarabilities

Andi Huber (Jira) Wed, 15 Jun 2022 08:47:07 -0700


     [ 
https://issues.apache.org/jira/browse/ISIS-3077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andi Huber updated ISIS-3077:
-----------------------------
    Affects Version/s:     (was: 2.0.0-M7)

> [Vulnerability] All HTML Inputs need to be Escaped in Order to Avoid XSS 
> Vulnarabilities
> ----------------------------------------------------------------------------------------
>
>                 Key: ISIS-3077
>                 URL: https://issues.apache.org/jira/browse/ISIS-3077
>             Project: Isis
>          Issue Type: Bug
>          Components: Isis Viewer Wicket
>            Reporter: Jörg Rade
>            Assignee: Andi Huber
>            Priority: Critical
>             Fix For: 2.0.0-M8
>
>
> Problem is with our use of Wicket's 
> org.apache.wicket.markup.html.form.TextField<T>: input gets 
> interpreted/executed by the browser.
> see
> https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Updated] (ISIS-3077) [Vulnerability] All HTML Inputs need to be Escaped in Order to Avoid XSS Vulnarabilities

Reply via email to