Menu

#156 XSS in login.php

v4.4
closed-fixed
security (1)
5
2015-01-10
2013-10-21
No

An XSS was found in login.php. But it requires to send malicious data via POST which makes it harder to exploit. E.g. it is not sufficient to click on a link.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976

Discussion

  • Roland Gruber

    Roland Gruber - 2013-10-21

    Attached patch. Please see included install.txt for installation instructions.

     
  • Roland Gruber

    Roland Gruber - 2013-10-29
    • status: open --> closed-fixed