Details
- Bug
- Resolution: Cannot Reproduce
- Major
- None
- 3.1
- Very hard
- N/A
- N/A
Description
This issue was reported by Vincent Colas, system administrator at ARCNAM Poitou-Charentes. He is located at the Université de Poitiers - Sciences Fondamentales et Appliquées, and he is behind a firewall made by NETASQ (http://www.netasq.com/fr/produits-services/reseau.php).
On their side, the skin has a field containing the header.vm override to provide a slideshow header. When he modifies this field of the skin, even by just adding a space or a comment, and only when this field has been modified, the firewall prevents the save action from going through. The browser either waits indefinitely on the AJAX request or returns a blank page if it was a save and view.
The firewall reports an XSS issue, an issue that many other CMSs have and have fixed in the past. The firewall provides a list of the many products concerned: https://www.netasq.com/securitykb/fr/09ed8e1d1fb04bd7.html
Therefore, M. Colas kindly informed us of the issue to have it fixed.
I attach to this issue:
- the content of the header.vm field
- the screenshot of the NETASQ report