[Geoserver-devel] [jira] (GEOS-6632) Cross-site scripting vulnerability in WMS exceptions

Ben Caradoc-Davies created an issue

GeoServer / BugGEOS-6632

Cross-site scripting vulnerability in WMS exceptions

Issue Type:

BugBug

Affects Versions:

2.6-RC1, 2.6-RC2

Assignee:

Andrea Aime

Components:

WMS

Created:

26/Aug/14 4:25 AM

Priority:

MajorMajor

Reporter:

Ben Caradoc-Davies

Arbitrary bytes can be injected into the locator element in a WMS exception:

Ben Caradoc-Davies commented on

GEOS-5318 :

Jukka, which script did you test? The openlayers example above or Mats’ example, which was like this?:

http://localhost:8080/geoserver/ows?SERVICE=WMS&request=%22%3E%3Ca%20xmlns:a=%27http://www.w3.org/1999/xhtml%27%3E%3Ca:body%20onload=%22alert%28%27xss%27%29%22/%3E%3C/a%3E%3C

(Test link based on one provided by Victor Tey.)

Jukka Rahkonen commented on

GEOS-5318 :

The OpenLayers example after “Here’s an example:” That shows only an OpenLayers map but the other one by Victor Tey indeed shows a text box “xss” with Firefox 31.0

Add Comment

Add Comment

This message was sent by Atlassian JIRA (v6.1.6#6162-sha1:7af547c)

Atlassian logo