subject:"\[jira\] \[Updated\] \(WW\-4507\) Struts 2 XSS vulnerability with "

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

2016-01-29 Thread Lukasz Lenart (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-4507:
--
Fix Version/s: (was: 2.3.x)
   2.3.25

> Struts 2 XSS vulnerability with 
> -
>
> Key: WW-4507
> URL: https://issues.apache.org/jira/browse/WW-4507
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.3.16.3
> Environment: Operating System:  Windows 7.  Application Server:  
> JBoss-4.2.1.GA.  Java: jdk1.5.0.11.  Developloment Framework:  Struts 
> 2.3.16.3.  Browser:  FireFox 38.0.1
>Reporter: brian neisen
>Assignee: Rene Gielen
>  Labels: struts2, vulnerability, xss
> Fix For: 2.3.25, 2.5
>
>
> WhiteHat Security (whitehatsec.com) has found an xss vulnerability with the 
>  tag.   When loading a url in a browser with some param name, in 
> this case "myinput", and the jsp being loaded has the tag  name="myinput" id="myinput">, an alert message is popped open 
> in the browser- which is WhiteHat's method of showing the vulnerability.  
> Example url is: 
> [http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

2016-01-20 Thread Rene Gielen (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rene Gielen updated WW-4507:

Fix Version/s: 2.5

> Struts 2 XSS vulnerability with 
> -
>
> Key: WW-4507
> URL: https://issues.apache.org/jira/browse/WW-4507
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.3.16.3
> Environment: Operating System:  Windows 7.  Application Server:  
> JBoss-4.2.1.GA.  Java: jdk1.5.0.11.  Developloment Framework:  Struts 
> 2.3.16.3.  Browser:  FireFox 38.0.1
>Reporter: brian neisen
>Assignee: Rene Gielen
>  Labels: struts2, vulnerability, xss
> Fix For: 2.3.x, 2.5
>
>
> WhiteHat Security (whitehatsec.com) has found an xss vulnerability with the 
>  tag.   When loading a url in a browser with some param name, in 
> this case "myinput", and the jsp being loaded has the tag  name="myinput" id="myinput">, an alert message is popped open 
> in the browser- which is WhiteHat's method of showing the vulnerability.  
> Example url is: 
> [http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

2015-09-08 Thread Lukasz Lenart (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-4507:
--
Fix Version/s: 2.3.x

> Struts 2 XSS vulnerability with 
> -
>
> Key: WW-4507
> URL: https://issues.apache.org/jira/browse/WW-4507
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.3.16.3
> Environment: Operating System:  Windows 7.  Application Server:  
> JBoss-4.2.1.GA.  Java: jdk1.5.0.11.  Developloment Framework:  Struts 
> 2.3.16.3.  Browser:  FireFox 38.0.1
>Reporter: brian neisen
>  Labels: struts2, vulnerability, xss
> Fix For: 2.3.x
>
>
> WhiteHat Security (whitehatsec.com) has found an xss vulnerability with the 
>  tag.   When loading a url in a browser with some param name, in 
> this case "myinput", and the jsp being loaded has the tag  name="myinput" id="myinput">, an alert message is popped open 
> in the browser- which is WhiteHat's method of showing the vulnerability.  
> Example url is: 
> [http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

2015-05-28 Thread brian neisen (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

brian neisen updated WW-4507:
-
Description: WhiteHat Security (whitehatsec.com) has found an xss 
vulnerability with the  tag.   When loading a url in a browser 
with some param name, in this case "myinput", and the jsp being loaded has the 
tag , an alert message 
is popped open in the browser- which is WhiteHat's method of showing the 
vulnerability.  Example url is: 
[http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE]
  (was: WhiteHat Security (whitehatsec.com) has found an xss vulnerability with 
the  tag.   When loading a url in a browser with some param name, 
in this case "myinput", and the jsp being loaded has the tag , an alert message is popped open in 
the browser- which is WhiteHat's method of showing the vulnerability.  Example 
url, enclosed in square brackets is: 
[http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE])

> Struts 2 XSS vulnerability with 
> -
>
> Key: WW-4507
> URL: https://issues.apache.org/jira/browse/WW-4507
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.3.16.3
> Environment: Operating System:  Windows 7.  Application Server:  
> JBoss-4.2.1.GA.  Java: jdk1.5.0.11.  Developloment Framework:  Struts 
> 2.3.16.3.  Browser:  FireFox 38.0.1
>Reporter: brian neisen
>  Labels: struts2, vulnerability, xss
>
> WhiteHat Security (whitehatsec.com) has found an xss vulnerability with the 
>  tag.   When loading a url in a browser with some param name, in 
> this case "myinput", and the jsp being loaded has the tag  name="myinput" id="myinput">, an alert message is popped open 
> in the browser- which is WhiteHat's method of showing the vulnerability.  
> Example url is: 
> [http://localhost:8080/sample.action?myinput=%fc%80%80%80%80%a2%fc%80%80%80%80%bE%FC%80%80%80%80%BC%FC%80%80%80%81%B7%FC%80%80%80%81%A8%FC%80%80%80%81%B3%FC%80%80%80%81%A3%FC%80%80%80%81%A8%FC%80%80%80%81%A5%FC%80%80%80%81%A3%FC%80%80%80%81%AB%FC%80%80%80%80%BE%fc%80%80%80%80%bCscript%fc%80%80%80%80%bEalert%fc%80%80%80%80%a81%fc%80%80%80%80%a9%fc%80%80%80%80%bC%fc%80%80%80%80%aFscript%fc%80%80%80%80%bE]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

[jira] [Updated] (WW-4507) Struts 2 XSS vulnerability with

4 matches

Site Navigation

Mail list logo

Footer information