
Bug 421894

Summary: Reporting a Serious Vulnerability on Your Respective Domain eclipse.org
Product: z_Archived
Component: Eclipselink
Status: CLOSED DUPLICATE
Severity: normal
Priority: P3
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: Windows 7
Reporter: Akansha Kesharwani <minti.ayu>
Assignee: Nobody - feel free to take it <nobody>
QA Contact:
CC: denis.roy, tom.ware
Whiteboard:
Attachments: Proof of concept (flags: none)

Description  Akansha Kesharwani  2013-11-16 11:14:38 EST
Created attachment 237508: Proof of concept

Greetings,

My name is Akansha Kesharwani, I am a young security researcher from India. While surfing your website I have found a very serious vulnerability known as XSS (Cross-Site Scripting) that can lead to attacks on your users' data and reputation if found by any malicious attacker.

So, being a young reputed security researcher from India, it is my duty to report this vulnerability to you. Please forward this email to your technical department which takes care of the website www.eclipse.org.

Testing POC (script method)

Test1: Alert
http://www.eclipse.org/home/categories/index.php?category=></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88, 83, 83, 32, 102, 111, 117, 110, 100, 32, 98, 121, 32, 65, 107, 97, 110, 115, 104, 97, 32, 75, 101, 115, 104, 97, 114, 119, 97, 110, 105))</SCRIPT>

I hope you will make the best use of the report and patch the vulnerability in no time. For any further assistance feel free to revert. I will be happy to assist your team if you need my assistance.

Waiting for the acceptance of the POC (proof of concept attached) and a suitable remedy for reporting the vulnerability.




-- 
Akansha Kesharwani
Security Researcher, India
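A defender-side check for the reflected `category` parameter named in the report, added here as an example and not code from eclipse.org or from this bug: the two `render_*` functions are a hypothetical reconstruction of an unescaped versus HTML-escaped reflection (the real page's markup is not on this page), and the PoC URL is a constructed sample in the same shape as the one above.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the shape of the reported PoC (hypothetical, not eclipse.org's code).
POC_URL = ("http://www.eclipse.org/home/categories/index.php?category="
           "></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>")


def category_param(url):
    """Extract the `category` query parameter exactly as a browser would send it."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("category", [""])[0]


def render_vulnerable(category):
    """Hypothetical reflection of the parameter into the page with no escaping:
    the bug class the report describes."""
    return f'<input type="text" name="category" value="{category}">'


def render_fixed(category):
    """Same markup, with the value HTML-escaped (quotes included) before reflection."""
    return f'<input type="text" name="category" value="{html.escape(category, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag the stdlib parser sees (tag names are lower-cased)."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injects_script(fragment):
    """True if the rendered fragment parses into a <script> element,
    i.e. the reflected value broke out of the attribute."""
    collector = _TagCollector()
    collector.feed(fragment)
    return "script" in collector.tags


_FROMCHARCODE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")


def decode_fromcharcode(payload):
    """Replace String.fromCharCode(...) with the text it builds so a triager can read
    the PoC's alert message without executing it."""
    return _FROMCHARCODE.sub(
        lambda m: "".join(chr(int(n)) for n in m.group(1).split(",")), payload)
```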
Comment 1  Eric Gwin  2013-11-18 09:21:33 EST
Forwarded to webmaster's attention:

We received this bug report over the weekend. I'm not certain if this is really a report from a "security researcher", or some hacker trying to get us to create a hole by supplying a "fix". Thought I'd forward it on to you to evaluate.
Comment 2  Denis Roy  2013-11-18 09:22:19 EST

*** This bug has been marked as a duplicate of bug 421875 ***
Comment 3  Eclipse Webmaster  2022-06-09 10:20:36 EDT
The Eclipselink project has moved to Github: https://github.com/eclipse-ee4j/eclipselink