
[Issue 424] New - Cross site scripting problem with SearchList function


Author erikabele
Full name Erik Abele
Date 2003-10-17 17:57:06 PDT
Message http://eyebrowse.tigris.org/issues/show_bug.cgi?id=424
                  Issue #:|424
                  Summary:|Cross site scripting problem with SearchList function
                          |e=announce at apache dot org
        Status whiteboard:|
               Issue type:|DEFECT
              Assigned to:|aguenther
              Reported by:|erikabele

------- Additional comments from erikabele at tigris dot org Fri Oct 17 17:57:05 -0700 2003 -------
The following report was originally submitted to webmaster {at} apache.org. Additional information
regarding the possible security implications (CSS) can be found at the following urls:



From: Daniel Naber <daniel.naber@t-online.de>
To: webmaster at apache dot org
Subject: Cross site scripting problem with your search
Date: Fri, 17 Oct 2003 22:45:47 +0200
Message-Id: <200310172245.47789 at danielnaber dot de>


your search function on nagoya.apache.org can be tricked to include HTML
and Javascript code in the result page. You'll see this when you do a
search for

"><i>outside form

You'll see that a part of this search query appears outside the text field,
obviously because the " isn't escaped to &quot; (etc).

The page I used to test this is

This could become a security issue, so I suggest fixing this problem.



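The behaviour reported above, reproduced as an added example that is not part of the original message or of the eyebrowse code base: the search string is placed into a text field's `value` attribute with and without attribute escaping, and the resulting page is parsed to show where the `<i>` ends up. The form template and all function names are hypothetical; only the search string comes from the report.

```python
import html
from html.parser import HTMLParser

# Hypothetical search form; the real SearchList markup is not shown in the report.
TEMPLATE = '<form action="/search"><input type="text" name="query" value="{q}"></form>'
QUERY = '"><i>outside form'  # the search string quoted in the report


def render_unescaped(query):
    """Behaviour described in the report: the query is copied into the attribute verbatim."""
    return TEMPLATE.format(q=query)


def render_escaped(query):
    """Attribute-safe output: &, <, > and both quote characters become entities."""
    return TEMPLATE.format(q=html.escape(query, quote=True))


class FormInspector(HTMLParser):
    """Records start tags, the text field's parsed value, and text outside any attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text, self.field_value = [], [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.field_value = dict(attrs).get("value")

    def handle_data(self, data):
        self.text.append(data)


def inspect_page(page):
    """Return (start tags seen, value of the text field, text rendered in the page body)."""
    parser = FormInspector()
    parser.feed(page)
    parser.close()
    return parser.tags, parser.field_value, "".join(parser.text)


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, inspect_page(render(QUERY)))
```

In the unescaped page the parser sees an extra `i` element and the words "outside form" as body text, which is the symptom the reporter describes; in the escaped page the whole query stays inside the field's value.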
