Project: [Read Only] - Hippo Site Toolkit 2
Issue: HSTTWO-2853

XSS vulnerability in LoginServlet


Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • 2.26.10
    • 2.26.11
    • None

    Description

      An attacker can misuse the destination query parameter to inject JavaScript into the login form.

      Reproduction Path:
      1) build and run gogreen 3.07.xx
      2) open http://localhost:8080/site/login/form?destination=true%27%29alert%28document.getElementById%28%27password%27%29.value%29;//
      3) click on cancel

      The password is shown in an alert popup. Expected behaviour: the destination query parameter should be URL-encoded before it is written into the page, so that the JavaScript behind the cancel button cannot be hijacked.
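The following is an added illustration of the bug and the fix the issue asks for; it is not code from the Hippo Site Toolkit, and the class, method and `cancelLogin` names are assumptions. It renders the cancel button with the destination embedded verbatim (the vulnerable form) and with the destination URL-encoded (the fixed form), and includes a small check a reviewer can run over the rendered markup.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Hypothetical helper mirroring HSTTWO-2853: the login form's cancel button
// embeds the "destination" query parameter inside a JavaScript string literal
// in an onclick attribute. Names are assumptions, not the project's own code.
public class CancelButtonRenderer {

    // Vulnerable: the raw parameter is concatenated into the JS string literal.
    // A value such as  true')alert(...);//  closes the literal and the call,
    // then runs attacker-supplied script in the login page.
    static String renderCancelVulnerable(String destination) {
        return "<input type=\"button\" value=\"Cancel\" "
             + "onclick=\"cancelLogin('" + destination + "')\">";
    }

    // Fixed as the issue suggests: URL-encode the value before it reaches the
    // page. URLEncoder leaves only [A-Za-z0-9.-*_] unencoded, so ' ( ) ; " < >
    // become %XX and the value can no longer terminate the JS string literal
    // or the surrounding HTML attribute. The server should still validate the
    // decoded destination as a same-site path before redirecting to it.
    static String renderCancelFixed(String destination) {
        String encoded = URLEncoder.encode(destination, StandardCharsets.UTF_8);
        return "<input type=\"button\" value=\"Cancel\" "
             + "onclick=\"cancelLogin('" + encoded + "')\">";
    }

    // Review check: the destination must still sit inside one unbroken
    // JS string literal, i.e. no quote or tag delimiter survives inside it.
    static boolean literalIsIntact(String markup) {
        String marker = "cancelLogin('";
        int idx = markup.indexOf(marker);
        if (idx < 0) return false;
        int start = idx + marker.length();
        int end = markup.indexOf("')\"", start);
        if (end < 0) return false;
        String inner = markup.substring(start, end);
        return !inner.contains("'") && !inner.contains("\"") && !inner.contains("<");
    }

    public static void main(String[] args) {
        // Constructed input: the payload from the reproduction path above.
        String payload = "true')alert(document.getElementById('password').value);//";
        System.out.println("vulnerable intact: " + literalIsIntact(renderCancelVulnerable(payload)));
        System.out.println("fixed intact:      " + literalIsIntact(renderCancelFixed(payload)));
        System.out.println(renderCancelFixed(payload));
    }
}
```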

            People

              jsheriff Junaidh Kadhar Sheriff
              jbloemendal Jannis Bloemendal (Inactive)