John Menerick created SOLR-4861:
-----------------------------------

             Summary: Simple reflected cross site scripting vulnerability
                 Key: SOLR-4861
                 URL: https://issues.apache.org/jira/browse/SOLR-4861
             Project: Solr
          Issue Type: Bug
          Components: web gui
    Affects Versions: 4.3, 4.2
         Environment: Requires web ui / Jetty Solr to be exploited.
            Reporter: John Menerick

There exists a simple XSS via the 404 Jetty / Solr code. Within JettySolrRunner.java, line 465, if someone asks for a non-existent page / url which contains malicious code, the "Can not find" can be escaped and malicious code will be executed on the victim's browser.