OF-836 CVE-2015-6972 rXSS in import-keystore...

Reflected XSS in import-keystore-certificate.jsp via the passphrase. Reported by Florian Nivette of Sysdream.

OF-836 CVE-2015-6972 rXSS in import-keystore...
Reflected XSS in import-keystore-certificate.jsp via the passphrase. Reported by Florian Nivette of Sysdream.
20174b68 · Dave Cridland · 36bb0e80 · 20174b68
Commit 20174b68 authored Mar 23, 2016 by Dave Cridland
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

import-keystore-certificate.jsp src/web/import-keystore-certificate.jsp +1 -1

No files found.
--- a/src/web/import-keystore-certificate.jsp
+++ b/src/web/import-keystore-certificate.jsp
@@ -117,7 +117,7 @@
                    <label for="passPhrase"><fmt:message key="ssl.import.certificate.keystore.pass-phrase" /></label>
                </td>
                <td width="99%">
-                    <input type="text" size="60" maxlength="200" name="passPhrase" id="passPhrase" value="${param.passPhrase}">
+                    <input type="text" size="60" maxlength="200" name="passPhrase" id="passPhrase" value="<c:out value="${param.passPhrase}"/>">
                </td>
            </tr>
            <tr valign="top">