Tracker: Bugs
9
Security: [img] tags emit raw text for invalid URLs - ID: 2809888
Last Update: Settings changed ( phantom-inker )
[img] tags, when they find a URL that's not valid, are supposed to emit a plaintext version of the original contents. They do this, but they fail to encode the HTML, so that it's possible to inject raw HTML into the output via [img] tags. This allows XSS, redirection, and other cookie-stealing attacks against end-users.
phantom-inker
Bug fix
None
Public
Comment ( 1 )
|
Date: 2009-06-21 07:58:51 PDT This has been fixed in release v1.4.2. |
Attached File
No Files Currently Attached
Changes ( 4 )
| Field | Old Value | Date | By |
|---|---|---|---|
| status_id | Open | 2009-06-21 07:58:52 PDT | phantom-inker |
| resolution_id | None | 2009-06-21 07:58:52 PDT | phantom-inker |
| allow_comments | 1 | 2009-06-21 07:58:52 PDT | phantom-inker |
| close_date | - | 2009-06-21 07:58:52 PDT | phantom-inker |