XSS Vulnerability in ice.window parameter (IceFaces 4.1.1)
PeterReinecke


Joined: 12/Aug/2013 02:41:40
Messages: 29
Offline


Similar to http://www.icesoft.org/JForum/posts/list/17715.page#sthash.1SnIyBRs.dpbs and http://www.icesoft.org/JForum/posts/list/16785.page#sthash.LESsdAY7.dpbs and http://jira.icesoft.org/browse/ICE-6657

If you attach

?ice.window=%3C/script%3E%3Cscript%3Ealert(%27test%27)%3C/script%3E

to the URL, the JavaScript will get executed.

Any tips to fix this manually?
PeterReinecke




I just found that there is already a Jira issue: http://jira.icesoft.org/browse/ICE-10990

As nothing has happened for a year, can you please give a statement regarding this?


PeterReinecke




Ok, sorry, I just found this issue: http://jira.icesoft.org/browse/ICE-10998

As this is fixed, you may close the other issue as duplicate.
ken.fyten

Joined: 26/Oct/2004 00:00:00
Messages: 1338
Offline


Hi,

I've closed those two other duplicate JIRAs and mentioned the JIRA that resolves the issue in them.

Thanks for the heads-up.

Regards,
Ken

Ken Fyten
VP Product Development
ICEsoft Technologies, Inc.
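
On the question in the first post about a manual fix: the following is an added example, not ICEfaces code and not from anyone in this thread, of a stop-gap servlet filter for deployments that cannot yet pick up the fix tracked in ICE-10998. The class name and the allowed-value pattern are assumptions; it presumes legitimate ice.window values are short alphanumeric tokens.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Hypothetical stop-gap filter (not part of ICEfaces): rejects any request
// whose ice.window parameter is not a short alphanumeric token, so markup
// such as </script><script>... never reaches the code that echoes it.
@WebFilter("/*")
public class IceWindowParamFilter implements Filter {

    // Assumption: legitimate window ids are short alphanumeric tokens. Check
    // the values your deployment actually sends and adjust the pattern.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9]{1,32}");

    // True when the parameter is absent or every supplied value is a safe id.
    static boolean isSafe(String[] values) {
        if (values == null) return true;
        for (String v : values) {
            if (v == null || !SAFE_ID.matcher(v).matches()) return false;
        }
        return true;
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getParameterValues covers repeated parameters in the query string
        // and, for form posts, values supplied in the request body.
        if (!isSafe(req.getParameterValues("ice.window"))) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Reading parameters in a filter fixes the request character encoding for form posts, so order this filter after any filter that sets the encoding.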
 