Ticket #1153 (closed defect: fixed)

Opened 8 months ago

Last modified 8 months ago

Fix XSS vulnerability

Reported by: BrianKoontz
Owned by: BrianKoontz
Priority: high
Milestone: 1.4
Component: core
Version: trunk
Severity: normal
Keywords: security xss
Cc: dartar@…

Description (last modified by BrianKoontz)

(Reported by High-Tech Bridge Security Research)

Poorly formed URLs can cause potentially malicious HTML to be displayed on a wikipage. This bug affects only those sites not using mod_rewrite.

Related Tickets

#1152 Fix XSS vulnerability (patch released 31 Aug as 1.3.4-p1)

Change History

Changed 8 months ago by BrianKoontz

  • description modified

Changed 8 months ago by BrianKoontz

(In [1900]) Fixed XSS vulnerability, affects only sites not running under mod_rewrite. Refs #1153

Changed 8 months ago by BrianKoontz

  • cc dartar@… added
  • status changed from new to closed
  • resolution set to fixed