View Issue Details

IDProjectCategoryView StatusLast Update
0000320Adventure PHP FrameworkSicherheit // Securitypublic2017-08-27 21:01
Reporterthalo1Assigned ToChristianAchatz 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.3 
Target Version3.4Fixed in Version3.4 
Summary0000320: Comments modul is vulnerable to XSS attacks
DescriptionCreate an entry with this content:

<script>alert("This could be an XSS attack!");</script>

You will see a dialog every time you open the page.
TagsNo tags attached.
Codereferenz: ([Datei]:[Zeile])
Namespacemodules

Activities

ChristianAchatz

2017-08-27 21:01

administrator   ~0000786

Implemented XSS protection. See commit https://github.com/AdventurePHP/code/commit/9475006e55b5583341e24a4fa953919a772a995d for details.

Issue History

Date Modified Username Field Change
2017-08-21 12:06 thalo1 New Issue
2017-08-22 14:01 ChristianAchatz Assigned To => ChristianAchatz
2017-08-22 14:01 ChristianAchatz Status new => assigned
2017-08-27 21:01 ChristianAchatz Note Added: 0000786
2017-08-27 21:01 ChristianAchatz Status assigned => resolved
2017-08-27 21:01 ChristianAchatz Fixed in Version => 3.4
2017-08-27 21:01 ChristianAchatz Resolution open => fixed
2017-08-27 21:01 ChristianAchatz Product Version => 3.3
2017-08-27 21:01 ChristianAchatz Target Version => 3.4