[jira] Updated: (OFBIZ-260) Cross Site Scripting Vulnerability (XSS)

Jacopo Cappellato (JIRA) Sun, 17 Sep 2006 00:28:13 -0700

     [ http://issues.apache.org/jira/browse/OFBIZ-260?page=all ]


Jacopo Cappellato updated OFBIZ-260:
------------------------------------

    Comment: was deleted

> Cross Site Scripting Vulnerability (XSS)
> ----------------------------------------
>
>                 Key: OFBIZ-260
>                 URL: http://issues.apache.org/jira/browse/OFBIZ-260
>             Project: OFBiz (The Open for Business Project)
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: SVN trunk
>            Reporter: Marco Risaliti
>
> It's a copy of http://jira.undersunconsulting.com/browse/OFBIZ-559 from 
> Olivier Lietz.
> ===========================================================
> *Very* simple test: 
> /ecommerce/control/keywordsearch?SEARCH_STRING=<script>alert("XSS");</script> 
> Other components beside ecommerce are also affected.  
>  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Updated: (OFBIZ-260) Cross Site Scripting Vulnerability (XSS)

Reply via email to