ICEfaces: issue ICE-10998

'ice.window', 'ice.view' parameters vulnerable to JS injection attack

    Details

      Description

      This behaviour makes ICEfaces vulnerable to JavaScript injection attacks when accessed URLs contain JavaScript code as parameter values. For ICEfaces 3.* versions only the 'ice.view' parameter is vulnerable, while in ICEfaces 4.* versions both the 'ice.view' and 'ice.window' parameters are vulnerable to JS injection attacks.
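Added example, not ICEfaces code: the server-side rendering step the fix needs, assuming a hypothetical page template that copies the `ice.window` / `ice.view` request parameters into an inline script string literal. The naive form is the bug pattern the description names (a value beginning with ' ends the literal); the hardened form validates the values against an assumed identifier charset and escapes them so they are always parsed as string data.

```javascript
// Added example, not ICEfaces code: embedding untrusted URL parameters
// such as ice.window / ice.view in an inline script. Assumes a
// hypothetical template emitting window.iceInit = { window: '…', view: '…' };

// Naive embedding: a value that begins with ' closes the literal early,
// so the rest of the value is parsed as JavaScript code.
function naiveEmbed(value) {
  return "'" + value + "'";
}

// Escape everything that could end the literal or the <script> element,
// then quote it. The result is always exactly one string literal.
function jsStringLiteral(value) {
  const map = {
    '\\': '\\\\', "'": "\\'", '"': '\\"',
    '<': '\\x3c', '>': '\\x3e',               // no "</script>" breakout
    '\r': '\\r', '\n': '\\n', '\0': '\\x00',
    '\u2028': '\\u2028', '\u2029': '\\u2029', // JS line terminators
  };
  return "'" + String(value).replace(/[\\'"<>\r\n\0\u2028\u2029]/g, (c) => map[c]) + "'";
}

// Allowlist for the identifier-shaped values these parameters should
// carry (assumed charset; tighten it to the real format).
const ID_PATTERN = /^[A-Za-z0-9_.:-]{1,128}$/;
function isWellFormedId(value) {
  return typeof value === 'string' && ID_PATTERN.test(value);
}

// Hardened renderer: reject anything outside the allowlist, and still
// escape what passes (defence in depth if the allowlist is loosened).
function renderInitScript(params) {
  const lit = {};
  for (const name of ['window', 'view']) {
    const v = params['ice.' + name];
    if (v === undefined) { lit[name] = "''"; continue; }
    if (!isWellFormedId(v)) {
      throw new Error('rejected ice.' + name + ': unexpected characters');
    }
    lit[name] = jsStringLiteral(v);
  }
  return 'window.iceInit = { window: ' + lit.window + ', view: ' + lit.view + ' };';
}

// Parse a literal back to data; shows escaped output is read as a
// string, while naive output with a quote inside is a syntax error.
function literalToString(literal) {
  return new Function('return ' + literal + ';')();
}
```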

        Activity

        Mircea Toma created issue
        Mircea Toma made changes
        Field: Original Value -> New Value
        Assignee: Mircea Toma [ mircea.toma ]
        Mircea Toma made changes
        Fix Version/s: EE-4.1.0.GA [ 12171 ]
        Mircea Toma made changes
        Fix Version/s: EE-3.3.0.GA_P04 [ 12270 ]
        Mircea Toma made changes
        Status: Open [ 1 ] -> Resolved [ 5 ]
        Resolution: Fixed [ 1 ]
        Ken Fyten made changes
        Summary: ice.window parameter vulnerable to JS injection -> 'ice.window', 'ice.view' parameters vulnerable to JS injection attack
        Security: Private [ 10001 ]
        Affects Version/s: 4.0 [ 11382 ]
        Affects Version/s: 3.3 [ 10370 ]
        Affects Version/s: 4.1.1 [ 12972 ]
        Priority: Major [ 3 ] -> Critical [ 2 ]
        Affects: Documentation (User Guide, Ref. Guide, etc.) [ 10003 ]
        Assignee Priority: P1 [ 10010 ]
        Ken Fyten made changes
        Resolution: Fixed [ 1 ]
        Status: Resolved [ 5 ] -> Reopened [ 4 ]
        Mircea Toma made changes
        Description:
          Original Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.
          New Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.

          This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only _ice.view_ parameter is vulnerable while ICEfaces 4.* versions _ice.view_ and _ice.window_ are vulnerable to JS injection attacks.
        Mircea Toma made changes
        Description:
          Original Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.

          This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only _ice.view_ parameter is vulnerable while ICEfaces 4.* versions _ice.view_ and _ice.window_ are vulnerable to JS injection attacks.
          New Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.

          This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only _ice.view_ parameter is vulnerable while in ICEfaces 4.* versions _ice.view_ and _ice.window_ parameters are vulnerable to JS injection attacks.
        Mircea Toma made changes
        Status: Reopened [ 4 ] -> Resolved [ 5 ]
        Resolution: Fixed [ 1 ]
        Mircea Toma made changes
        Description:
          Original Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.

          This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only _ice.view_ parameter is vulnerable while in ICEfaces 4.* versions _ice.view_ and _ice.window_ parameters are vulnerable to JS injection attacks.
          New Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.

          This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only 'ice.view' parameter is vulnerable while in ICEfaces 4.* versions 'ice.view' and 'ice.window' parameters are vulnerable to JS injection attacks.
        Mircea Toma made changes
        Description:
          Original Value: Loading a page with _ice.window_ parameter defined in the URL and with its value set to JS code that starts with ' character will have this code executed in the browser.

          This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only 'ice.view' parameter is vulnerable while in ICEfaces 4.* versions 'ice.view' and 'ice.window' parameters are vulnerable to JS injection attacks.
          New Value: This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only 'ice.view' parameter is vulnerable while in ICEfaces 4.* versions 'ice.view' and 'ice.window' parameters are vulnerable to JS injection attacks.
        Ken Fyten made changes
        Security: Private [ 10001 ]
        Liana Munroe made changes
        Resolution: Fixed [ 1 ]
        Status: Resolved [ 5 ] -> Reopened [ 4 ]
        Mircea Toma made changes
        Status: Reopened [ 4 ] -> Resolved [ 5 ]
        Resolution: Fixed [ 1 ]
        Ken Fyten made changes
        Fix Version/s: EE-4.1.0.BETA [ 13072 ]
        Ken Fyten made changes
        Issue Type: Bug [ 1 ] -> Improvement [ 4 ]
        Ken Fyten made changes
        Fix Version/s: 4.2.BETA [ 13091 ]
        Fix Version/s: 4.2 [ 12870 ]
        Ken Fyten made changes
        Status: Resolved [ 5 ] -> Closed [ 6 ]

          People

          • Assignee: Mircea Toma
          • Reporter: Mircea Toma
          • Votes: 0
          • Watchers: 6
