#362 2.10.9 - no XSS filter in cpanel mass add/dl subscribers

closed-fixed
Justin J
security (14)
5
2006-08-21
2006-08-14
Justin J
No

This is a simple check that should be dealt with.

Something as simple as:

<script>alert('foo')</script>

When submitted in either the "add" or "remove" email
subscribers, it will show the JavaScript alert box.
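
The kind of check this ticket asks for, as an added sketch that is not part of the original ticket or the project's own code: each entry in a mass add/remove submission is validated as an address, and anything echoed back into the result page is HTML-escaped. The function names, the address pattern and the sample input are assumptions made for the illustration.

```python
import html
import re

# Deliberately conservative address pattern (an assumption for this sketch,
# not a full RFC 5322 parser): no whitespace, angle brackets or quotes.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def split_submission(raw):
    """Split the mass add/remove text area into candidate entries."""
    return [part.strip() for part in re.split(r"[\r\n,]+", raw) if part.strip()]


def classify(raw):
    """Return (accepted, rejected) entries; only accepted ones reach the list."""
    accepted, rejected = [], []
    for entry in split_submission(raw):
        if ADDRESS_RE.fullmatch(entry):
            accepted.append(entry)
        else:
            rejected.append(entry)
    return accepted, rejected


def render_report(raw):
    """Build the confirmation HTML. Every echoed value is escaped, including
    accepted ones, so the output stays safe even if validation changes."""
    accepted, rejected = classify(raw)
    rows = ["<ul>"]
    for entry in accepted:
        rows.append('<li class="ok">%s</li>' % html.escape(entry, quote=True))
    for entry in rejected:
        rows.append('<li class="invalid">%s</li>' % html.escape(entry, quote=True))
    rows.append("</ul>")
    return "\n".join(rows)


# Constructed sample submission containing the string from the ticket.
SAMPLE = "alice@example.com\n<script>alert('foo')</script>\nbob@example.org"

if __name__ == "__main__":
    print(render_report(SAMPLE))
```
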

Discussion

  • Justin J
    2006-08-14

    • status: open --> pending-fixed
     
  • Justin J
    2006-08-21

    • status: pending-fixed --> closed-fixed