bBlog

Tracker: Bugs

5 few security vulnerabilities - ID: 1188735

Last Update: Comment added ( xushi )

Details:

in 0.7.4:

The blog entry title field seems prone to cross site scripting (XSS)
attacks.

The blog/comment body text seems prone to XSS as well.

In the index.php script, the postid variable seems prone to SQL injection
attacks.

jericho+bblog@attrition.org

Submitted:

Nobody/Anonymous ( nobody ) - 2005-04-23 21:30

Priority:

Status:

Open

Resolution:

None

Assigned:

Nobody/Anonymous

Category:

None

Group:

0.7-cvs

Visibility:

Public

Comment ( 1 )

Date: 2005-05-30 14:03 Sender: xushi Logged In: YES user_id=1037458 Could you be a bit more elaborative on this matter? Try and stick to the forum, irc, or flyspray, so that i along with the others can see into this matter. Thanks.

bBlog

Tracker: Bugs

Comment ( 1 )

Log in to comment.

Attached File

No Files Currently Attached

Change

No changes have been made to this artifact.

About SourceForge

Find Software

Develop Software

Community

Help