Cubrid.org: XSS vulnerability

2010-07-01
2013-06-05
  • Esen Sagynov
    2010-07-01

    Hi Catalin,

    The Cubrid.org site has an XSS vulnerability.

    1. After cubrid.org loads, in the search box at the top right enter exactly the following keyword, including the beginning quotation mark and no ending quotation mark ="><script>alert(1)</script> and including the JavaScript.

    2. Hit Enter, and when the page reloads, an alert box will pop up. This is the problem.

    3. When you press OK, the rest of the page will be displayed. Take a look at the search box on the right. You will see the HTML code being displayed. Besides, the styling will fail as well.

    Instead of this keyword you can input a bunch of others and the site will fail to filter them.

    Please fix this.

     
  • Daniel Ionescu
    2010-07-01

    Dear Esen,

    I made the search display correctly, so it's fixed.

    Best regards,
    Daniel.

     
  • Esen Sagynov
    2010-07-02

    The error still persists. I have added an issue to the tracker. Please check it.

     
  • Daniel Ionescu
    2010-07-02

    Dear Esen,

    Please clear your cache and all should be fine.

    Best regards,
    Daniel.
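
The behaviour reported in the first post, as an added example that is not part of the thread and is not cubrid.org's code: a search keyword echoed into an input's `value` attribute, unencoded and then encoded, with a small regression check that lists the tags the resulting markup contains. The markup, the field name `q` and all function names are assumptions made for illustration.

```javascript
// Added example: markup and names are hypothetical, not the site's own code.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can end a quoted attribute value or open a tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// "Before": the keyword is concatenated into the value attribute as-is.
function renderSearchBoxUnsafe(keyword) {
  return '<input type="text" name="q" value="' + keyword + '">';
}

// "After": same markup, keyword encoded for the attribute context.
function renderSearchBoxSafe(keyword) {
  return '<input type="text" name="q" value="' + escapeHtml(keyword) + '">';
}

// Regression helper: list tag names found in the markup, skipping over
// quoted attribute values so that text inside a value is not counted.
function tagsIn(html) {
  const tags = [];
  let i = 0;
  while ((i = html.indexOf("<", i)) !== -1) {
    const m = /^<\/?([a-zA-Z][a-zA-Z0-9]*)/.exec(html.slice(i));
    if (!m) { i += 1; continue; }
    tags.push(m[1].toLowerCase());
    let j = i + m[0].length;
    let quote = null;
    for (; j < html.length; j++) {
      const c = html[j];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      else if (c === ">") break;
    }
    i = j + 1;
  }
  return tags;
}

// Keyword quoted in the first post of this thread.
const REPORTED_KEYWORD = '="><script>alert(1)</script>';

function checkSearchBox(keyword) {
  return {
    unsafeTags: tagsIn(renderSearchBoxUnsafe(keyword)),
    safeTags: tagsIn(renderSearchBoxSafe(keyword)),
  };
}
```

With the unencoded rendering the quotation mark in the keyword closes the attribute early, which is also why the leftover markup shows up as text next to the search box; with encoding the whole keyword stays inside the value.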