  1. DSpace
  2. DS-2044

Cross-site scripting (XSS injection) is possible in JSPUI Discovery search form

    Details

    • Attachments:
      2
    • Comments:
      11
    • Documentation Status:
      Not Required

      Description

      The Discovery JSPUI search form has issues related to input validation on the simple-search function.

      Here are some examples:

      • Cross-site scripting: The simple-search "query", "filtertype", "filtername", "filter_type_1", and "filter_field_1" parameters are susceptible to XSS attacks
      • Link injection: The simple-search "filtertype" and "filter_type_1" parameters are susceptible to link injection attacks
      • Phishing through frames: The simple-search "filtertype" and "filter_type_1" parameters are susceptible to phishing through frames attacks
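
An added example, not part of the issue report or of DSpace's code: one way to handle the parameters named above is to encode free-text values at the point of output and to restrict the operator parameters to a fixed vocabulary. The class name, the allowlist contents and the sample values are assumptions made for illustration.

```java
import java.util.Set;

/** Added example: hypothetical helper, not DSpace code. */
public class SearchParamGuard {
    // Assumed operator vocabulary; take the real one from the Discovery configuration.
    static final Set<String> ALLOWED_FILTER_TYPES =
            Set.of("equals", "contains", "notequals", "notcontains");
    static final String DEFAULT_FILTER_TYPE = "equals";

    /** Encode a value for HTML text or a quoted attribute before echoing it. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** filtertype / filter_type_1: accept only known operators, never echo the raw value. */
    static String safeFilterType(String raw) {
        return raw != null && ALLOWED_FILTER_TYPES.contains(raw) ? raw : DEFAULT_FILTER_TYPE;
    }

    public static void main(String[] args) {
        // Constructed parameter values containing markup, as a scanner might submit them.
        String query = "<b>test</b> & \"quoted\"";
        String filterName = "title\" x=\"y";
        String filterType = "<a href=\"https://example.invalid/\">sign in</a>";

        // Free-text parameters are encoded at the point of output.
        System.out.println("<input name=\"query\" value=\"" + escapeHtml(query) + "\"/>");
        System.out.println("<input name=\"filtername\" value=\"" + escapeHtml(filterName) + "\"/>");
        // Operator parameters are validated, then still encoded on output.
        System.out.println("<option selected>" + escapeHtml(safeFilterType(filterType)) + "</option>");
        System.out.println("<option selected>" + escapeHtml(safeFilterType("contains")) + "</option>");
    }
}
```

In a JSP the same output encoding is available through JSTL's `<c:out>` tag or `fn:escapeXml()`.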

            People

            • Assignee:
              l_a_p Luigi Andrea Pascarelli (4Science)
              Reporter:
              gabriela Gabriela Mircea