Marc Delisle
-
2014-07-17
- summary: XSS in AJAX confirmation messages --> (ok 4.2.6) XSS in AJAX confirmation messages
- status: open --> fixed
- private: Yes --> No
- Priority: 5 --> 1
As reported by Madhura Jayaratne. Happens when having an IMG tag in a table name or column name.
"Try dropping the column from
table structure and try dropping or truncating the table from table
operations page. In both cases AJAX confirmation pop up causes XSSes."