#156 XSS in login.php

v4.4
closed-fixed
security (1)
5
2015-01-10
2013-10-21
No

An XSS was found in login.php. But it requires to send malicious data via POST which makes it harder to exploit. E.g. it is not sufficient to click on a link.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976

Discussion

  • Roland Gruber

    Roland Gruber - 2013-10-21

    Attached patch. Please see included install.txt for installation instructions.

     
  • Roland Gruber

    Roland Gruber - 2013-10-29
    • status: open --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks