[
https://issues.apache.org/jira/browse/SOLR-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15035456#comment-15035456
]
Uwe Schindler commented on SOLR-8308:
-------------------------------------
Hi, we should rename this issue (summary title), so it does not mention
incorrect XSS. This is no XSS issue, so we should be careful with alerting
people on the release. There is no security related stuff involved. That the
core gets inaccessible is the real bug.
> XSS vulnerability
> -----------------
>
> Key: SOLR-8308
> URL: https://issues.apache.org/jira/browse/SOLR-8308
> Project: Solr
> Issue Type: Bug
> Reporter: Adam Johnson
> Attachments: SOLR-8308.patch, SOLR-8308.patch
>
>
> You can rename a core using the following modified URL
> https://SOLR:PORT/solr/admin/cores?wt=json&indexInfo=false&action=RENAME&core=test_app_shared2_replica2&other=%3Csvg+onload%3Dalert(1)%3E&_=1445468005152.
> The core becomes inaccessible / unusable. There should be more form
> validation to the core name assignment.