ICEfaces
  1. ICEfaces
  2. ICE-10998

'ice.window', 'ice.view' parameters vulnerable to JS injection attack

    Details

      Description

      This behaviour makes ICEFaces vulnerable to Javascript injection attacks when accessed URLs contain Javascript code as parameter values. For ICEfaces 3.* versions only 'ice.view' parameter is vulnerable while in ICEfaces 4.* versions 'ice.view' and 'ice.window' parameters are vulnerable to JS injection attacks.

        Activity

          People

          • Assignee:
            Mircea Toma
            Reporter:
            Mircea Toma
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: