JSE XSS vuln.
Vuln. discovered by: r0t
Date: 2 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/jse-xss-vuln.html
Vendor: http://www.me.lv/jse/index.html
Affected version: 0.9.34
Product Description: Java Search Engine is a server-side search engine program for web sites. Search engines provide site visitors with an easy and fast way to find what they want on your site. If you want to have a search engine on your site, you can try Java Search Engine. It is easy, just follow the instructions on this page. Java Search Engine has common Java API interfaces such as JSP, servlets and EJB. It can save results as XML and transform them into HTML using XSLT stylesheets. Java Search Engine is a complete solution: you don't have to create a crawler for it, you don't have to install or integrate it with any database if you don't want to, and you don't have to use any other additional software (except the JDK, of course). This search engine is familiar to your visitors: it has the same query language and output interface as Google.
Vuln. Description: Input passed to the "q" parameter in "search.jsp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Example: /search.jsp?oe=english&q=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&qor=
Solution: Edit the source code to ensure that input is properly sanitised.