John Menerick created SOLR-4861:
-----------------------------------
Summary: Simple reflected cross site scripting vulnerability
Key: SOLR-4861
URL: https://issues.apache.org/jira/browse/SOLR-4861
Project: Solr
Issue Type: Bug
Components: web gui
Affects Versions: 4.3, 4.2
Environment: Requires web ui / Jetty Solr to be exploited.
Reporter: John Menerick
There exists a simple XSS via the 404 Jetty / Solr code. Within
JettySolrRunner.java, line 465, if someone asks for a non-existent page / url
which contains malicious code, the "Can not find" can be escaped and malicious
code will be executed on the victim's browser.