
#745 XSS vulnerability in tracking tab

closed-out-of-date
Interface (183)
7
2012-04-25
2012-04-25
No

On lines 393 to 395 and 517 to 520, data is echoed from $_REQUEST without sanitisation. Fixed this with a simple htmlentities.

Discussion

  • Paul da Silva

    Paul da Silva - 2012-04-25

    repaired version

     
  • Paul da Silva

    Paul da Silva - 2012-04-25
    • priority: 5 --> 7
     
  • Madhura Jayaratne

    • assigned_to: nobody --> madhuracj
    • status: open --> closed-out-of-date
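
The kind of fix the ticket describes, as an added example that is not the project's code or the attached patch: a request value echoed raw into HTML, next to the same output passed through `htmlentities`. The helper name `html_escape_param`, the parameter names and the markup are hypothetical, and the request data is constructed.

```php
<?php
// Added example; names and markup are hypothetical, not taken from the project.

/**
 * Encode a request value for HTML text or a quoted attribute.
 * Non-scalar input (a query string like ?table[]=x makes the value an array)
 * is reduced to an empty string instead of being echoed as "Array".
 */
function html_escape_param($value): string
{
    if (!is_scalar($value)) {
        return '';
    }
    // ENT_QUOTES encodes single quotes as well as double quotes.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
    // making htmlentities() return an empty string.
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed data standing in for $_REQUEST.
$request = [
    'table'   => 'orders"><b>x</b>',
    'version' => ['1'],
];

// Before: the value is concatenated as-is, so its quote and angle brackets
// close the attribute and become markup in the page.
$unsafe = '<input type="hidden" name="table" value="' . $request['table'] . '" />';

// After: the same output with the value encoded; it stays inside the attribute.
$safe = '<input type="hidden" name="table" value="'
      . html_escape_param($request['table']) . '" />';

echo $unsafe, "\n";
echo $safe, "\n";
// Array-valued parameter: nothing is echoed between the brackets.
echo '[', html_escape_param($request['version']), ']', "\n";
```

Encoding belongs at the point of output, so every `echo` of a request value on the affected lines needs the call, not only the first one found.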