Menu

#2594 (ok 2.11.2.2) XSS on login page

fixed
None
1
2013-06-11
2007-11-20
No

In libraries/auth/cookie.auth.lib.php, the value of $GLOBALS['convcharset'] is not sanitized.

Discussion

  • Marc Delisle

    Marc Delisle - 2007-11-20
    • priority: 5 --> 1
    • summary: XSS on login page --> (ok 2.11.2.2) XSS on login page
    • status: open --> open-fixed
     
  • Marc Delisle

    Marc Delisle - 2007-11-20

    Patch for 2.11.2.1

     
  • Marc Delisle

    Marc Delisle - 2007-11-20

    Logged In: YES
    user_id=210714
    Originator: YES

    File Added: bug1835123.patch

     
  • Marc Delisle

    Marc Delisle - 2007-11-20
    • status: open-fixed --> closed-fixed
     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-fixed --> fixed