Query text parameter not sanitized
gneissone opened this issue · 0 comments
Describe the bug
This got flagged by a security scanning application as a potential vulnerability. Pagination in search results is handled via URL parameters and JavaScript. The input is not sanitized, however, so a bad actor could execute something via the VIVO site's domain.
To Reproduce
For example, try this path on any VIVO running the latest code:
{vivo url}/search?querytext=</script><script>alert("uh%20oh");</script>
Expected behavior
The arbitrary JavaScript passed via the URL should not be executed.
Environment (please complete the following information):
- Browser: Chrome
- Tomcat version: 9.0.78
- VIVO version: 1.14.1-SNAPSHOT
- Apache Solr version: 9.3.0
Additional context
https://github.com/vivo-project/Vitro/blob/03517df59ab02108f81f19d8ff383e20f9c556ca/webapp/src/main/webapp/templates/freemarker/body/search/search-pagedResults.ftl#L55
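The breakout described in this report happens because the HTML parser ends a script element at the first `</script` it sees, no matter how the JavaScript inside it quotes the string. The following is an added example, not Vitro or VIVO code, that simulates the same pattern in plain JavaScript: a template that drops the query parameter into an inline script unescaped, beside one that encodes the value as a JSON string literal and additionally escapes `<`, `>` and the U+2028/U+2029 line terminators so the emitted text can never open or close a tag. The attacker string is constructed from the reproduction path above; the function names are this example's own.

```javascript
// Added example (not Vitro/VIVO code): simulates a template that drops a search
// parameter into an inline <script>, first unescaped (the bug class reported
// above) and then with a JavaScript-string-safe encoding.

// Constructed attacker input, modelled on the reproduction path in the report
// (URL-decoded form of ...querytext=</script><script>alert("uh%20oh");</script>).
const ATTACKER_QUERY = '</script><script>alert("uh oh");</script>';

// Unsafe rendering: raw interpolation into a JS string literal inside <script>.
// The HTML parser ends the script element at the first "</script" it sees,
// regardless of JS string quoting, so the attacker's tags take effect.
function renderUnsafe(querytext) {
  return '<script>var querytext = "' + querytext + '";</script>';
}

// Hardened rendering: serialize the value as a JSON string literal (which is
// valid JavaScript), then escape the characters that matter to the HTML parser
// inside <script>: "<" and ">" (so "</script" and "<!--" cannot appear) plus
// U+2028/U+2029, which are line terminators in older JS engines but not in JSON.
function encodeForScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderSafe(querytext) {
  return '<script>var querytext = ' + encodeForScript(querytext) + ';</script>';
}

// Check rendered markup the way the HTML parser would: count how many script
// elements it actually opens. Exactly one means no breakout occurred.
function countScriptElements(html) {
  const matches = html.match(/<script\b/gi);
  return matches ? matches.length : 0;
}

// Round-trip check: the encoded literal must still evaluate to the original
// value once the browser's JS engine parses it, so the search still works.
function decodeLiteral(literal) {
  return JSON.parse(literal);
}

// Demonstration on the constructed payload.
console.log('unsafe  script elements:', countScriptElements(renderUnsafe(ATTACKER_QUERY)));
console.log('safe    script elements:', countScriptElements(renderSafe(ATTACKER_QUERY)));
console.log('round trip ok:', decodeLiteral(encodeForScript(ATTACKER_QUERY)) === ATTACKER_QUERY);
```

The unsafe rendering yields two script elements for the single payload, the hardened one yields exactly one, and the encoded literal still decodes to the original query, so the fix costs nothing functionally. In a FreeMarker template the equivalent of `encodeForScript` is to interpolate the parameter through the `?js_string` or `?json_string` built-in (or to rely on the template engine's auto-escaping output format) rather than emitting it raw; which of those the project adopts is not stated in this report.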