Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Blocker
Fix Version/s: 14.4.6, 14.9, 13.10.10
Affects Version/s: 1.9 M2
Component/s: Flamingo Skin, Web - Templates & Resources
Labels:

Development Priority:
Low
Difficulty:
Hard
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

There is a reflected xss vulnerability because of unfiltered response values.

All input values (GET/URL parameters) are responded unfiltered.
Although the browser does not interpret potential harmful JS code, it could be used in complex attacks.

Is there already a solution?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

wiki-s4-request.png
19/Apr/18 18:07
22 kB
Laura Volmari
wiki-s4-response_02.png
19/Apr/18 18:08
153 kB
Laura Volmari

Issue Links

links to

GitHub Security advisory

Activity

People

Assignee:: Michael Hamann

Reporter:: Laura Volmari

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 19/Apr/18 18:04

Updated:: 12/Apr/23 13:51

Resolved:: 18/Oct/22 16:54

Date of First Response:: 20/Apr/18 10:35 AM