Ticket #1152 (closed defect: fixed)

Opened 8 months ago

Last modified 8 months ago

Fix XSS vulnerability

Reported by: BrianKoontz
Owned by: BrianKoontz
Priority: high
Milestone:
Component: core
Version: 1.3.4-p1
Severity: normal
Keywords: security xss
Cc: dartar@…

Description (last modified by BrianKoontz) (diff)

(Reported by High-Tech Bridge Security Research)

Poorly-formed URLs can cause potentially malicious HTML to be displayed on a wikipage. This bug affects only those sites not using mod_rewrite.

Related Tickets

#1153 Fix XSS vulnerability (fixed in trunk)

Change History

Changed 8 months ago by BrianKoontz

(In [1896]) Fixes an XSS vulnerability for those sites not running mod_rewrite. Refs #1152

Changed 8 months ago by BrianKoontz

  • status changed from new to accepted
  • description modified (diff)

Changed 8 months ago by BrianKoontz

  • status changed from accepted to closed
  • resolution set to fixed

Changed 8 months ago by BrianKoontz

  • version changed from 1.3.4 to 1.3.4-p1

Changed 8 months ago by BrianKoontz

(In [1897]) Created in error. Refs #1152

Changed 8 months ago by BrianKoontz

(In [1898]) Fixes an XSS vulnerability for those sites not running mod_rewrite. Refs #1152

Changed 8 months ago by BrianKoontz

(In [1899]) Tagging security release 1.3.4-p1. Refs #1152

Changed 8 months ago by BrianKoontz

  • description modified (diff)

Changed 8 months ago by BrianKoontz

  • description modified (diff)