Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#622 Cross-site scripting vulnerability.

closed-fixed
None
9
2002-04-16
2002-04-16
No

If the html message contains a <<script sequence, it
will get past the html filters and be executed by the
browser, leading to possible session hijacking and
other nastiness.

Discussion

  • Logged In: YES
    user_id=147248

    Fix is in place. MagicHTML should be redone, period.

     
    • status: open --> closed-fixed