#156 XSS in login.php

v4.4
closed-fixed
Roland Gruber
security (1)
5
2015-01-10
2013-10-21
Roland Gruber
No

An XSS was found in login.php. However, it requires sending malicious data via POST, which makes it harder to exploit. E.g., it is not sufficient to click on a link.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976

Discussion

  • Roland Gruber
    2013-10-21

    Attached patch. Please see included install.txt for installation instructions.

     
  • Roland Gruber
    2013-10-29

    • status: open --> closed-fixed