[ http://issues.apache.org/jira/browse/OFBIZ-260?page=all ]
Jacopo Cappellato updated OFBIZ-260: ------------------------------------ Comment: was deleted > Cross Site Scripting Vulnerability (XSS) > ---------------------------------------- > > Key: OFBIZ-260 > URL: http://issues.apache.org/jira/browse/OFBIZ-260 > Project: OFBiz (The Open for Business Project) > Issue Type: Bug > Components: ecommerce > Affects Versions: SVN trunk > Reporter: Marco Risaliti > > It's a copy of http://jira.undersunconsulting.com/browse/OFBIZ-559 from > Olivier Lietz. > =========================================================== > *Very* simple test: > /ecommerce/control/keywordsearch?SEARCH_STRING=<script>alert("XSS");</script> > Other components beside ecommerce are also affected. > -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira