History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES       PLANNING BOARD       TASK BOARD   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: DOTCMS-1787
Type: Bug Bug
Status: Closed Closed
Resolution: Duplicate
Priority: Major Major
Assignee: Jason Tesser
Reporter: Will Ezell
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
dotCMS

XSS vulnerability in error .jsp pages

Created: August 07, 2008 8:59 AM   Updated: July 23, 2009 11:53 AM
Component/s: a. Unknown
Affects Version/s: 1.6.0, 1.6.0.1, 1.6.0.2, 1.6.0.3, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.6.0.8, 1.6.0.9
Fix Version/s: None

Time Tracking:
Original Estimate: 30 minutes
Original Estimate - 30 minutes
Remaining Estimate: 30 minutes
Remaining Estimate - 30 minutes
Time Spent: Not Specified
Remaining Estimate - 30 minutes

Issue Links:
Duplicate
 


 Description  « Hide
This most probably affects all the default .jsp error pages:

dotCMS/portal/

401.jsp
403.jsp
404.jsp
500.jsp


http://demo.dotcms.org/%3Cscript%3Ealert('I%20am%20a%20bug!')%3C/script%3E/





 All   Comments   Work Log   Change History   Subversion Commits   FishEye      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.

Powered by a free Atlassian JIRA open source license for dotCMS. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.3-#302) - Bug/feature request - Atlassian news - Contact Administrators