#4492 (ok 4.2.6) XSS in AJAX confirmation messages

4.0.10
fixed
Marc Delisle
None
1
2014-07-17
2014-07-16
Marc Delisle
No

As reported by Madhura Jayaratne. Happens when having an IMG tag in a table name or column name.

"Try dropping the column from table structure and try dropping or truncating the table from table operations page. In both cases AJAX confirmation pop up causes XSSes."
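The class of bug described above, shown as an added example that is not phpMyAdmin's code: a confirmation message built by concatenating a table or column name into markup, next to a version that escapes the name first. All function names, the message wording and the sample names are assumptions constructed for illustration.

```javascript
// Added example; hypothetical helper names, not taken from the phpMyAdmin code base.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the identifier is concatenated into the markup as-is,
// so a name containing an IMG tag becomes a real element in the dialog.
function confirmMessageUnsafe(action, identifier) {
  return '<p>Really run "' + action + ' ' + identifier + '"?</p>';
}

// Hardened pattern: the identifier is escaped before it reaches the HTML sink.
function confirmMessageSafe(action, identifier) {
  return '<p>Really run "' + escapeHtml(action + ' ' + identifier) + '"?</p>';
}

// Rough check for tests: does the markup contain any element besides the <p> wrapper?
function containsInjectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)\b/g) || [];
  return tags.some((t) => t.replace(/[<\/]/g, '').toLowerCase() !== 'p');
}

// Constructed sample identifiers: a plain name, a name with '&', a name with an IMG tag.
const SAMPLE_NAMES = ['orders', 'a&b', '<img src=x onerror=alert(1)>'];

// Run a message builder over every sample name and report whether markup leaked through.
function audit(builder) {
  return SAMPLE_NAMES.map((name) => ({
    name,
    injected: containsInjectedTag(builder('DROP TABLE', name)),
  }));
}

console.log('unsafe:', audit(confirmMessageUnsafe));
console.log('safe:  ', audit(confirmMessageSafe));
```

In a browser, assigning the message through `textContent` instead of an HTML-parsing sink avoids the problem without manual escaping.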

Discussion

  • Marc Delisle
    2014-07-17

    • summary: XSS in AJAX confirmation messages --> (ok 4.2.6) XSS in AJAX confirmation messages
    • status: open --> fixed
    • private: Yes --> No
    • Priority: 5 --> 1