[Geoserver-devel] [jira] Created: (GEOS-4210) XSS vulnerability in gwc module

XSS vulnerability in gwc module
-------------------------------

                 Key: GEOS-4210
                 URL: http://jira.codehaus.org/browse/GEOS-4210
             Project: GeoServer
          Issue Type: Bug
          Components: GWC
    Affects Versions: 2.0.2, 2.0.1
         Environment: N/A
            Reporter: Greg Kowal
            Assignee: Andrea Aime

Request parameters are displayed without filtering on the error page. I have seen it happening for the following parameters:
SRS
HEIGHT
WIDTH
BBOX

example url:
http://www.example.nl/geoserver/gwc/service/wms?LAYERS=my%3Alayer&FORMAT=image%2Fpng&TILED=true&TRANSPARENT=true&TILESORIGIN=-20037508.34%2C-20037508.34&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&STYLES=&EXCEPTIONS=application%2Fvnd.ogc.se_inimage&SRS=<script>alert(1)</script>&BBOX=-313085.3126,6261722.3632,0.76719999976922,6574808.443&WIDTH=256&HEIGHT=256

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
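The report above describes a reflected XSS: the GWC WMS endpoint echoes request parameters into an HTML error page without escaping them. The following Python block is an added illustration and is not GeoServer or GWC code. It models the bug and its fix with a hypothetical error-page renderer (`error_page_vulnerable` / `error_page_fixed`), parses the reporter's example URL, and includes a `find_reflected` probe that injects a marker into each echoed parameter and reports which ones come back unescaped, which is the check a tester would run against the real endpoint. The parameter list `ECHOED_PARAMS` is taken from the report; everything else is an assumption for the example.

```python
"""Reflected XSS on an error page: buggy and hardened renderers plus a
reflection probe. Added example, not GeoServer/GWC code."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# The reporter's example URL (backslash escaping from the mail removed).
EXAMPLE_URL = (
    "http://www.example.nl/geoserver/gwc/service/wms?LAYERS=my%3Alayer"
    "&FORMAT=image%2Fpng&TILED=true&TRANSPARENT=true"
    "&TILESORIGIN=-20037508.34%2C-20037508.34&SERVICE=WMS&VERSION=1.1.1"
    "&REQUEST=GetMap&STYLES=&EXCEPTIONS=application%2Fvnd.ogc.se_inimage"
    "&SRS=<script>alert(1)</script>&BBOX=-313085.3126,6261722.3632,"
    "0.76719999976922,6574808.443&WIDTH=256&HEIGHT=256"
)

# Parameters the report says are reflected on the error page.
ECHOED_PARAMS = ("SRS", "HEIGHT", "WIDTH", "BBOX")

# Probe that breaks out of both attribute and text context if unescaped.
PROBE = '"><script>alert(1)</script>'


def query_params(url):
    """Return the query string as a dict; the last value of a repeated
    key wins, empty values (STYLES=) are kept."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[-1] for name, values in qs.items()}


def error_page_vulnerable(params):
    """Hypothetical model of the reported bug: raw request values are
    interpolated straight into HTML, so markup in SRS etc. executes."""
    rows = "".join(
        "<li>%s = %s</li>" % (name, params.get(name, ""))
        for name in ECHOED_PARAMS
    )
    return "<html><body><h1>WMS error</h1><ul>%s</ul></body></html>" % rows


def error_page_fixed(params):
    """Hardened version: HTML-escape every untrusted value (quote=True
    also escapes " and ', so the same helper is safe inside attributes)."""
    rows = "".join(
        "<li>%s = %s</li>"
        % (escape(name, quote=True), escape(params.get(name, ""), quote=True))
        for name in ECHOED_PARAMS
    )
    return "<html><body><h1>WMS error</h1><ul>%s</ul></body></html>" % rows


def find_reflected(render, base_params):
    """Inject PROBE into each echoed parameter in turn and return the
    names whose value comes back verbatim (unescaped) in the page.
    `render` stands in for an HTTP round trip to the error page."""
    hits = []
    for name in ECHOED_PARAMS:
        params = dict(base_params)
        params[name] = PROBE
        if PROBE in render(params):
            hits.append(name)
    return hits


if __name__ == "__main__":
    params = query_params(EXAMPLE_URL)
    print("SRS as parsed:", params["SRS"])
    print("vulnerable renderer reflects:", find_reflected(error_page_vulnerable, params))
    print("fixed renderer reflects:", find_reflected(error_page_fixed, params))
```

Two caveats when carrying this over to a real test of the endpoint: the request above asks for `EXCEPTIONS=application/vnd.ogc.se_inimage`, so a server that still answers with an HTML page on error is already ignoring the negotiated exception format, and the response `Content-Type` should be checked along with the body; and `html.escape` is only the right encoder for HTML text and attribute context, so a value that ends up inside a `<script>` block or a URL needs that context's encoding instead.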