[JIRA] Commenté: (OFBIZ-559) Cross Site Scripting Vulnerability (XSS)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Commenté: (OFBIZ-559) Cross Site Scripting Vulnerability (XSS)

JIRA jira@ofbiz.org
     [ http://jira.undersunconsulting.com/browse/OFBIZ-559?page=comments#action_13938 ]
     
Jacques Le Roux commented on OFBIZ-559:
---------------------------------------

Yes Marco,

Please feel free to do it.We can't close eyes on such issues...

I will close it after.

Thanks

> Cross Site Scripting Vulnerability (XSS)
> ----------------------------------------
>
>          Key: OFBIZ-559
>          URL: http://jira.undersunconsulting.com/browse/OFBIZ-559
>      Project: [OFBiz] Open For Business
>         Type: Bug
>     Reporter: Oliver Lietz
>     Assignee: Jira Administrator

>
>
> *Very* simple test:
> /ecommerce/control/keywordsearch?SEARCH_STRING=<script>alert("XSS");</script>
> Other components beside ecommerce are also affected.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.undersunconsulting.com/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira