[ https://issues.apache.org/jira/browse/SLING-11622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Klco resolved SLING-11622.
------------------------------
    Fix Version/s: App CMS 1.1.2
         Assignee: Dan Klco
       Resolution: Fixed

> Unexpected input may cause XSS risk in Taxonomy
> -----------------------------------------------
>
>                 Key: SLING-11622
>                 URL: https://issues.apache.org/jira/browse/SLING-11622
>             Project: Sling
>          Issue Type: Bug
>          Components: App CMS
>    Affects Versions: App CMS 1.1.0
>            Reporter: QSec-Team
>            Assignee: Dan Klco
>            Priority: Major
>             Fix For: App CMS 1.1.2
>
>         Attachments: image-2022-10-18-16-09-21-603.png, image-2022-10-18-16-09-45-520.png
>
>
> When we use the sling-cms demo, we find that input in [+taxonomy item] may
> cause an XSS vulnerability.
> For example:
> {code:java}
> // code placeholder
> "><svg onload=alert('xss')></svg>
> {code}
> !image-2022-10-18-16-09-21-603.png!
>
> !image-2022-10-18-16-09-45-520.png!

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
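The attribute-context breakout behind the reported payload, as an added example that is not part of the issue, the reporter's report, or the Sling App CMS code base. The `<input ... value="...">` markup is an assumed stand-in for the real taxonomy form, and nothing here describes how the fix shipped in App CMS 1.1.2 was actually implemented; it only contrasts raw string interpolation with HTML-attribute encoding and uses a small parser to show which rendering ends up with an injected element carrying an `onload` handler.

```python
import html
from html.parser import HTMLParser

# The payload quoted in SLING-11622. A leading double quote closes the
# attribute value, ">" closes the input tag, and the rest is a new element
# whose onload handler fires as soon as the browser renders it.
PAYLOAD = '''"><svg onload=alert('xss')></svg>'''


def render_unescaped(title: str) -> str:
    """Vulnerable pattern (assumed, for illustration): the taxonomy item title
    is concatenated straight into an attribute value."""
    return f'<input type="text" name="jcr:title" value="{title}">'


def render_escaped(title: str) -> str:
    """Hardened pattern: HTML-attribute encode first. quote=True turns both
    '"' and "'" into character references, so the value cannot close the
    attribute regardless of which quote style the template uses."""
    return f'<input type="text" name="jcr:title" value="{html.escape(title, quote=True)}">'


class EventHandlerFinder(HTMLParser):
    """Records the tag name of every element that carries an on* attribute.
    Any hit in markup built from user input means the input escaped its
    intended context."""

    def __init__(self) -> None:
        super().__init__()
        self.injected: list[str] = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        # html.parser lowercases attribute names for us.
        for name, _value in attrs:
            if name.startswith("on"):
                self.injected.append(tag)


def injected_handlers(markup: str) -> list[str]:
    """Parse the markup the way a browser would tokenize it and return the
    elements that picked up an event-handler attribute."""
    finder = EventHandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.injected


if __name__ == "__main__":
    for label, renderer in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        markup = renderer(PAYLOAD)
        print(f"{label}: {markup}")
        print(f"  elements with on* handlers: {injected_handlers(markup)}")
```

Running the block shows the unescaped rendering tokenizing into an `<input>` followed by a separate `<svg onload=...>` element, while the escaped rendering stays a single `<input>` whose value is the literal payload text. The same `injected_handlers` check is a cheap assertion to drop into a template test so that a regression in encoding fails the build rather than reaching the admin UI.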