ICEfaces
  1. ICEfaces
  2. ICE-2184

fortify scan PathDispatcher Cross Site Scripting

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.7DR#1
          • Fix Version/s: 1.6.2, 1.7DR#2, 1.7
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces

            Description

            A cross-site scripting attack is possible through the error message.

              Activity

              Ascending order - Click to sort in descending order
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #14890 Thu Oct 04 16:11:30 MDT 2007 ted.goddard Error messages echoed to the browser should not contain user input (ICE-2184)
              Files Changed
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/PathDispatcher.java
              Ted Goddard created issue -
              Ted Goddard made changes -
              Field Original Value New Value
              Security Private [ 10001 ]
              Ted Goddard made changes -
              Assignee Mircea Toma [ mircea.toma ]
              Ken Fyten made changes -
              Fix Version/s 1.7DR#2 [ 10110 ]
              Ken Fyten made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Fix Version/s 1.6.2 [ 10111 ]
              Assignee Mircea Toma [ mircea.toma ] Ted Goddard [ ted.goddard ]
              Ken Fyten made changes -
              Resolution Fixed [ 1 ]
              Status Resolved [ 5 ] Reopened [ 4 ]
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #15022 Wed Oct 24 16:55:06 MDT 2007 ted.goddard Error messages echoed to the browser should not contain user input (ICE-2184)
              Files Changed
              Commit graph MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/PathDispatcher.java
              Hide
              Permalink
              Ted Goddard added a comment -

              svn merge -r 13642:14890 ../../../trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/PathDispatcher.java core/src/com/icesoft/faces/webapp/http/servlet/PathDispatcher.java

              Show
              Ted Goddard added a comment - svn merge -r 13642:14890 ../../../trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/PathDispatcher.java core/src/com/icesoft/faces/webapp/http/servlet/PathDispatcher.java
              Ted Goddard made changes -
              Status Reopened [ 4 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Fix Version/s 1.7 [ 10080 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              Assignee Ted Goddard [ ted.goddard ]
              Ken Fyten made changes -
              Resolution Fixed [ 1 ]
              Status Closed [ 6 ] Reopened [ 4 ]
              Security Private [ 10001 ]
              Ken Fyten made changes -
              Status Reopened [ 4 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Ted Goddard
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: