Menu

#69 problem with links - security hole

open
nobody
None
5
2012-09-14
2003-02-28
Anonymous
No

lines like

http://www.google.de/"onmouseover="parent.runCmd('pr
omote','username');"style="left:0;top:0;color:#CCCCCC;b
ackground:#CCCCCC;font-size:0px;width:100%;height:4p
x;display:block;"//

are changed to one link and so can become dangerous.

This one is a gray (invisible) 4px high line that makes any
Moderator crossing it (OnMouseOver) promote the user
called username.

I just tested this with 0.14.2 using Internet Explorer, but
I expect this to work even in the latest release.

Discussion

Anonymous
Anonymous

Add attachments
Cancel





Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.