[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15025642#comment-15025642 ]
Miriam Celi commented on SOLR-7949:
-----------------------------------
I wasn't sure if 5.3.0 was one of the affected versions, since the Details
included at the top of the record only lists 4.9, 4.10.4, 5.2.1 as affected
versions. Perhaps Affected Versions should be set to "All versions prior to
5.3.1" in order to avoid confusion???
> There is an XSS issue in plugins/stats page of Admin Web UI.
> ------------------------------------------------------------
>
> Key: SOLR-7949
> URL: https://issues.apache.org/jira/browse/SOLR-7949
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 4.9, 4.10.4, 5.2.1
> Reporter: davidchiu
> Assignee: Jan Høydahl
> Fix For: 5.4, 5.3.1, Trunk
>
>
> Open Solr Admin Web UI, select a core (such as collection1) and then click
> "Plugins/stats", and type a URL like
> "http://127.0.0.1:8983/solr/#/collection1/plugins/cache?entry=score=<img
> src=1 onerror=alert(1);>" into the browser address bar; you will get an alert
> box with "1".
> I changed the following code to resolve this problem:
> The Original code:
>     for( var i = 0; i < entry_count; i++ )
>     {
>         $( 'a[data-bean="' + entries[i] + '"]', frame_element )
>             .parent().addClass( 'expanded' );
>     }
> The Changed code:
>     for( var i = 0; i < entry_count; i++ )
>     {
>         $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element )
>             .parent().addClass( 'expanded' );
>     }
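An alternative hardening for the loop quoted above, added here as an example and not taken from the Solr code base or from the reporter's patch: keep the selector constant and compare each data-bean value as data, so URL-derived text never reaches $(). The helper names, the comma-separated entry format and the fakeAnchor stand-in (used only so the block runs under Node without a DOM) are assumptions.

```javascript
// Added example: hypothetical helpers, not Solr's admin UI code.
// Principle: never splice URL-derived text into a string handed to $().
// Select with a constant selector, then compare attribute values as data.

// Extract the "entry" values from a hash such as
// "#/collection1/plugins/cache?entry=fieldCache,filterCache".
// Assumption: multiple entries are comma-separated.
function entriesFromHash(hash) {
  const q = hash.indexOf('?');
  if (q === -1) return [];
  const raw = new URLSearchParams(hash.slice(q + 1)).get('entry') || '';
  return raw.split(',').filter(Boolean);
}

// Mark the parent of every anchor whose data-bean equals a requested entry.
// In a browser, pass frame_element.querySelectorAll('a[data-bean]').
// Returns the bean names that were actually expanded.
function expandEntries(anchors, entries) {
  const wanted = new Set(entries);
  const expanded = [];
  for (const a of anchors) {
    const bean = a.getAttribute('data-bean');
    if (wanted.has(bean)) {
      a.parentNode.classList.add('expanded');
      expanded.push(bean);
    }
  }
  return expanded;
}

// Constructed stand-in for a DOM anchor, for running outside a browser.
function fakeAnchor(bean) {
  const classes = new Set();
  return {
    classes,
    getAttribute: (name) => (name === 'data-bean' ? bean : null),
    parentNode: { classList: { add: (c) => classes.add(c) } },
  };
}
```

A value that matches no existing data-bean attribute is simply ignored, whatever characters it contains, because it is only ever used as a Set key.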