[JCR-3950] XSS in DirListingExportHandler - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.5, 2.2.13, 2.4.5, 2.6.5, 2.10.1, 2.8.1, 2.12.0
Fix Version/s: 0.9, 2.4.6, 2.6.6, 2.10.2, 2.8.2, 2.13.0, 2.12.1, 2.14
Component/s: jackrabbit-jcr-server
Labels:
None

Description

The XSS vulnerability patched in ~~JCR-3630~~ applies to the parent name (and the repository metadata) as well, thus more needs to be escaped.

Attachments

Issue Links

is a clone of

JCR-3630 XSS in DirListingExportHandler

Closed

Activity

People

Assignee:: Julian Reschke

Reporter:: Julian Reschke

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 26/Feb/16 09:17

Updated:: 26/Aug/19 08:47

Resolved:: 26/Feb/16 09:30