[
https://issues.apache.org/jira/browse/JS2-656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma resolved JS2-656.
---------------------------
Resolution: Fixed
Solved using a dedicated /* filter checking each request and returning HTTP
Status 400, SC_BAD_REQUEST in case of such an attack.
> Cross-Site Scripting (XSS) vulnerability
> -----------------------------------------
>
> Key: JS2-656
> URL: https://issues.apache.org/jira/browse/JS2-656
> Project: Jetspeed 2
> Issue Type: Bug
> Components: Components Core
> Affects Versions: 2.1
> Reporter: Ate Douma
> Assigned To: Ate Douma
> Priority: Blocker
> Fix For: 2.1
>
>
> A Cross-Site Scripting vulnerability was found for Jetspeed allowing an XSS
> URL attack like the following:
>
> http://localhost:8080/jetspeed/portal/pages/default-page.psml/%22%3e%3cscript%3ealert(%27XSS%20test%27)%3c/script%3e
>
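
One way a `/*` filter like the one named in the resolution can be written with the Servlet API. This is an added example, not Jetspeed's code; the class name `MarkupInUrlFilter`, the rejected character set and the decoding depth are assumptions.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not Jetspeed's class); map it to the URL pattern /* in web.xml. */
public class MarkupInUrlFilter implements Filter {
    // Assumed reject set: characters that can close an HTML attribute or open a tag.
    private static final String REJECTED = "<>\"'";

    public void init(FilterConfig config) {}
    public void destroy() {}

    /** True if value contains a rejected character, raw or after up to two rounds of percent-decoding. */
    static boolean containsMarkup(String value) {
        String current = value;
        for (int round = 0; current != null && round < 3; round++) {
            for (int i = 0; i < current.length(); i++) {
                if (REJECTED.indexOf(current.charAt(i)) >= 0) return true;
            }
            try {
                String decoded = URLDecoder.decode(current, "UTF-8");
                if (decoded.equals(current)) break;   // nothing left to decode
                current = decoded;                    // catches double encoding such as %253c
            } catch (IllegalArgumentException | UnsupportedEncodingException e) {
                return true;                          // malformed escape sequence: reject
            }
        }
        return false;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // getRequestURI() is not decoded by the container, so the check decodes it itself;
        // getQueryString() may be null, which containsMarkup treats as clean.
        if (containsMarkup(request.getRequestURI()) || containsMarkup(request.getQueryString())) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;                                   // never reaches the portal servlet
        }
        chain.doFilter(req, res);
    }
}
```

A request filter like this is a backstop: the page that reflects the request path still needs to HTML-encode it on output.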