Closed CesarUCS closed 9 months ago
This issue in the Mercury template was already fixed internally. It's going to be pushed to GitHub with the release of the next version of OpenCms.
The problem was improper handling of the 'page' parameter in /system/modules/alkacon.mercury.template/tags/meta-canonical.tag.
Hello, I'm César,
I started working with OpenCms v15 six months ago, developing a new portal that uses some OpenCms resources. I use the default slider with pagination to show many videos.
When the security team evaluated the new portal, they found a cross-site scripting problem in this slider resource: it accepts JavaScript in URL parameters, like:
?page=1%27"%28%29%26%25<script%20>prompt%281%29<%2fscript>
Then I tried to sanitize this parameter, but I can't do it well. I don't know where this parameter is used in the code.
Could you help me with any solution?
Thanks.
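An added example, not the Mercury fix and not OpenCms code: one way to handle a `page` request parameter safely, assuming it ends up inside a canonical `<link>` element as the tag file name suggests. The value is reduced to a plain integer before use and the resulting URL is attribute-escaped on output; the class name, method names and base URL are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class CanonicalLinkExample {

    // Accept only 1-6 ASCII digits: a page index has no reason to contain anything else.
    private static final Pattern PAGE = Pattern.compile("[0-9]{1,6}");

    /** Returns the page number, or 1 when the parameter is missing or not a plain positive integer. */
    static int parsePage(String raw) {
        if (raw == null || !PAGE.matcher(raw).matches()) {
            return 1;
        }
        int page = Integer.parseInt(raw);
        return page >= 1 ? page : 1;
    }

    /** Minimal HTML attribute escaping, as defence in depth for anything written into href. */
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Builds the canonical link from the validated number, never from the raw request value. */
    static String canonicalTag(String baseUrl, String rawPage) {
        int page = parsePage(rawPage);
        String url = page > 1 ? baseUrl + "?page=" + page : baseUrl;
        return "<link rel=\"canonical\" href=\"" + escapeAttr(url) + "\">";
    }

    public static void main(String[] args) {
        String base = "https://portal.example/videos/"; // constructed sample URL
        // URL-decoded form of the value reported in this issue
        String reported = "1'\"()&%<script >prompt(1)</script>";
        System.out.println(canonicalTag(base, "3"));
        System.out.println(canonicalTag(base, reported));
    }
}
```

Because the link is rebuilt from the parsed integer, the reported value falls back to page 1 and none of its characters reach the markup.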