[ https://issues.apache.org/jira/browse/OFBIZ-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Heath reopened OFBIZ-2747:
-------------------------------

This fix breaks code very badly. Please revert it.

Namely, inside ecommerce, there are chained surveys. If you attempt to purchase a gift certificate, or activate a financial account, then it will fail after you fill out the survey form.

> Security : The remote web server is prone to cross-site scripting attacks.
> ---------------------------------------------------------------------------
>
> Key: OFBIZ-2747
> URL: https://issues.apache.org/jira/browse/OFBIZ-2747
> Project: OFBiz
> Issue Type: Bug
> Components: specialpurpose/ecommerce
> Affects Versions: SVN trunk
> Reporter: Alexandre Mazari
> Assignee: Scott Gray
> Priority: Critical
> Fix For: Release Branch 9.04, SVN trunk
>
>
> The pollbox seems to be subject to request argument injection, without any
> strip of html tags (ex : <script>).
> Nessus scan log :
> Web Server Generic XSS
> Synopsis :
> The remote web server is prone to cross-site scripting attacks.
> Description :
> The remote host is running a web server that fails to adequately
> sanitize request strings of malicious JavaScript. By leveraging this
> issue, an attacker may be able to cause arbitrary HTML and script code
> to be executed in a user's browser within the security context of the
> affected site.
> See also :
> http://en.wikipedia.org/wiki/Cross-site_scripting
> Solution :
> Contact the vendor for a patch or upgrade.
> Risk factor :
> Medium / CVSS Base Score : 4.3
> (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
> Plugin output :
> The request string used to detect this flaw was :
> /?<script>cross_site_scripting.nasl</script>
> The output was :
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> X-Powered-By: JSP/2.1
> Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
> Content-Type: text/html;charset=UTF-8
> Transfer-Encoding: chunked
> Date: Tue, 21 Jul 2009 21:31:19 GMT
> [...]
> <h3>Mouse Hand Poll</h3>
> <div class="screenlet-body">
> <form method="post" action="/control/minipoll/main" style="margin: 0;">
> <input type="hidden" name="<script>cross_site_scripting.nasl</script>"
> value=""/>
> <input type="hidden" name="surveyId" value="1004"/>
> <table width="100%" border="0" cellpadding="2" cellspacing="0">
> [...]
> CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
> BID : 5305, 7344, 7353, 8037, 14473, 17408
> Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314
> Nessus ID : 10815

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.