Impact
The viewer plugin implementation of <mol:molecule> renders molfile data directly inside a <script> tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles.
Patches
Patched in v0.3.0: Molfile data is now rendered as value of a hidden <input> tag and escaped via JSF's mechanisms.
Workarounds
No workaround available.
References
For more information
Impact
The viewer plugin implementation of
<mol:molecule>renders molfile data directly inside a<script>tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles.Patches
Patched in v0.3.0: Molfile data is now rendered as value of a hidden
<input>tag and escaped via JSF's mechanisms.Workarounds
No workaround available.
References
For more information