Title: XSS vulnerability in Search.jsp
Date: 23-Nov-2004 00:09:03 EET
Version: 2.1.120
Submitter: Administrator
Criticality: BadBug
Browser version:
Status: ClosedBug
PageProvider used:
Servlet Container:
Operating System:
URL:
Java version:

How to repeat: http://(yoursite)/Search.jsp?query=<script>alert('hi')</script>

cf. CERT Advisory CA-2000-02
http://www.cert.org/advisories/CA-2000-02.html
Microsoft HOWTO: Prevent Cross-Site Scripting Security Issues (Q252985)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q252985
Microsoft Technet "Cross-site Scripting Overview"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/csoverv.asp
http://www.microsoft.com/technet/security/news/csoverv.mspx

-Jeremy Bae


Fixed in 2.1.122. Here's the necessary patch, if anyone is interested:

--- src/webdocs/Search.jsp      8 May 2003 22:46:21 -0000       1.27
+++ src/webdocs/Search.jsp      23 Nov 2004 20:22:36 -0000      1.28
@@ -41,6 +41,8 @@
                                   list,
                                   PageContext.REQUEST_SCOPE );
 
+        query = TextUtil.replaceEntities( query );
+
         pageContext.setAttribute( "query",
                                   query,
                                   PageContext.REQUEST_SCOPE );
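
Review bot: The reassignment `query = TextUtil.replaceEntities( query );` overwrites the local `query`, so every later use in Search.jsp sees the entity-encoded form, while anything that echoes the request parameter by another route is not covered by this hunk. Consider leaving the raw value alone and storing an encoded copy under the "query" attribute (or encoding at each point of output), then checking the rest of the JSP for other places the parameter is written to the page. A one-line comment stating that the encoding is there to stop markup in the query from being rendered would help the next maintainer keep it.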

-- JanneJalkanen, 23-Nov-2004


Version 2.1.122 contains the vulnerability too. You fixed it in 2.1.123.

-- SteffenStundzig, 30-Nov-2004
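
The thread above reports the issue again one release after the patch; a per-release check of the rendered page catches that. The following is an added example, not part of the original report or of JSPWiki: it classifies each echo of an inert marker in a response body as raw or entity-encoded. The marker, the function names and the sample bodies (including the two-output page layout) are constructed assumptions.

```python
import html

# Constructed inert marker: has the characters an HTML encoder must rewrite
# (< > ") but no script, so an unfixed page only shows an unknown tag.
PROBE = '<rx-probe a="1">'

def reflections(body, probe=PROBE):
    """Return [(line_no, 'raw' | 'encoded'), ...] for every echo of probe.

    Encoder-agnostic: an echo that only appears after entity decoding was
    encoded on output; one present in the body as sent was not.
    """
    found = []
    for no, line in enumerate(body.splitlines(), 1):
        raw = line.count(probe)
        total = html.unescape(line).count(probe)
        found += [(no, "raw")] * raw + [(no, "encoded")] * (total - raw)
    return found

def verdict(body, probe=PROBE):
    """'vulnerable' if any echo is raw, 'ok' if all echoes are encoded,
    'not-reflected' if the probe never comes back (the test proves nothing)."""
    states = {state for _, state in reflections(body, probe)}
    if "raw" in states:
        return "vulnerable"
    return "ok" if states else "not-reflected"

# Constructed response bodies (not real JSPWiki output): the query is echoed
# in a heading and again in the search form's value attribute.
def render(heading_q, field_q):
    return ("<h2>Search results for " + heading_q + "</h2>\n"
            '<input name="query" value="' + field_q + '">\n')

ENC = html.escape(PROBE)
UNFIXED = render(PROBE, PROBE)
PARTIAL = render(ENC, PROBE)   # one output encoded, the other missed
FIXED = render(ENC, ENC)

if __name__ == "__main__":
    for name, body in (("unfixed", UNFIXED), ("partial", PARTIAL),
                       ("fixed", FIXED)):
        print(name, verdict(body), reflections(body))
```

The per-line result points at the output that still needs encoding, which a single pass/fail on the whole page would hide.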

This page (revision-10) was last changed on 06-Jun-2005 21:02 by 158.228.228.108