 |
|
Item13739: LoginName is not validated and presents XSS path.
Priority: Security
Current State: Closed
Released In: 2.0.2
Target Release: patch
Current State: Closed
Released In: 2.0.2
Target Release: patch
- Registration parameters are now all entity encoded. Previously there was some encoding done, but it was insufficient to block all XSS paths.
- The xss path during login was in the generation of an error message. That path is now blocked.
ItemTemplate edit
| Summary | LoginName is not validated and presents XSS path. |
| ReportedBy | GeorgeClark |
| Codebase | 2.0.1, 2.0.0 |
| SVN Range | |
| AppliesTo | Engine |
| Component | LoginManager |
| Priority | Security |
| CurrentState | Closed |
| WaitingFor | |
| Checkins | distro:84f4ba6dffef distro:0e35357c4b8c distro:1f82ab0cc4d3 |
| TargetRelease | patch |
| ReleasedIn | 2.0.2 |
| CheckinsOnBranches | master |
| trunkCheckins | |
| masterCheckins | distro:84f4ba6dffef distro:0e35357c4b8c distro:1f82ab0cc4d3 |
| ItemBranchCheckins | |
| Release01x01Checkins |
Edit | Attach | Print version | History: r8 < r7 < r6 < r5 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r8 - 10 Oct 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy