DSpace / DS-2736

XSS in JSPUI search form

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 5.3
    • Fix Version/s: 3.5, 4.4, 5.4
    • Component/s: JSPUI
    • Environment: Firefox browser.
    • Attachments: 1
    • Comments: 4
    • Documentation Status: In Description

      Description

      Parameters: filtername, sort_by, filtertype, filter_field_1, filter_type_1, etc.

      url: http://demo.dspace.org/jspui//simple-search?filter_field_1=title&filter_type_1=equals&filter_value_1=1&location=/&order=desc&query=1&rpp=10&sort_by=score%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28/XSS/%29%3C/ScRiPt%3E&submit_filter_remove_1=X

      This vulnerability is present in the Firefox browser.
      The engine of the Chrome browser prevents this, but not Firefox.

              People

              Assignee: Tim Donohue (tdonohue)
              Reporter: Genaro Contreras (gcontreras)
              Votes: 0
              Watchers: 4
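
Added example, not part of the original report and not DSpace's own code or its actual fix: the sort_by value from the URL in the description, rendered into markup without encoding, with HTML output encoding, and after an allow-list check. The class name, the helper names and the allow-list entries are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class SearchParamEncoding {
    // Hypothetical allow-list; the real set of sort fields depends on the deployment.
    private static final Set<String> SORT_FIELDS = Set.of("score", "title", "dateissued");

    /** Encode the five characters that are significant in HTML text and quoted attributes. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Input validation: anything outside the allow-list falls back to a default. */
    static String safeSortBy(String raw) {
        return (raw != null && SORT_FIELDS.contains(raw)) ? raw : "score";
    }

    public static void main(String[] args) {
        // sort_by value copied from the URL in the report, still percent-encoded.
        String wire = "score%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28/XSS/%29%3C/ScRiPt%3E";
        String sortBy = URLDecoder.decode(wire, StandardCharsets.UTF_8);

        // Vulnerable pattern: the decoded value is concatenated into markup as-is,
        // so the quote closes the attribute and the tags become live markup.
        System.out.println("raw:     <input name=\"sort_by\" value=\"" + sortBy + "\"/>");
        // Output encoding: the same value stays inside the attribute as inert text.
        System.out.println("encoded: <input name=\"sort_by\" value=\"" + escapeHtml(sortBy) + "\"/>");
        // Allow-list: the unexpected value is replaced before it reaches the page.
        System.out.println("allowed: <input name=\"sort_by\" value=\"" + escapeHtml(safeSortBy(sortBy)) + "\"/>");
    }
}
```

The same encoding applies to every parameter named in the description, since each one is echoed back into the search form.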
