|Title|XSS vulnerability in Search.jsp
|Date|23-Nov-2004 00:09:03 EET
|Version|2.1.120
|Submitter|Administrator
|Criticality| [BadBug|JSPWiki:BadBug]
|Browser version|
|Status|ClosedBug
|[PageProvider] used|
|Servlet Container|
|Operating System|
|URL|
|Java version|

__How to repeat:__ http://(yoursite)/Search.jsp?query=<script>alert('hi')</script>

cf. 
CERT Advisory CA-2000-02 \\
http://www.cert.org/advisories/CA-2000-02.html \\
Microsoft HOWTO: Prevent Cross-Site Scripting Security Issues (Q252985) \\
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q252985 \\
Microsoft Technet "Cross-site Scripting Overview" \\
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/csoverv.asp \\
http://www.microsoft.com/technet/security/news/csoverv.mspx \\

-[Jeremy Bae|mailto:swbae@stgsecurity.com]

----

Fixed in 2.1.122.  Here's the necessary patch, if anyone is interested:

{{{
--- src/webdocs/Search.jsp      8 May 2003 22:46:21 -0000       1.27
+++ src/webdocs/Search.jsp      23 Nov 2004 20:22:36 -0000      1.28
@@ -41,6 +41,8 @@
                                   list,
                                   PageContext.REQUEST_SCOPE );
 
+        query = TextUtil.replaceEntities( query );
+
         pageContext.setAttribute( "query",
                                   query,
                                   PageContext.REQUEST_SCOPE );
}}}
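
Review bot: The added line {{query = TextUtil.replaceEntities( query );}} overwrites the local {{query}} in place, so any code further down Search.jsp that reads the variable now gets the entity-encoded string instead of what the user typed. Consider leaving {{query}} untouched and encoding only the value handed to the page, for example by passing {{TextUtil.replaceEntities( query )}} as the second argument of the {{pageContext.setAttribute( "query", ... )}} call. A short comment there stating that the "query" request attribute holds HTML-escaped text would also help: whoever renders it then knows not to escape it again (double encoding), and knows that this encoding is meant for HTML output and not for a script or URL context.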

-- JanneJalkanen, 23-Nov-2004

----

Version 2.1.122 contains the vulnerability too. You fixed it in 2.1.123.

-- SteffenStundzig, 30-Nov-2004