roller-commits mailing list archives

From "Anil Gangolli (JIRA)" <j...@apache.org>
Subject [jira] Created: (ROL-1766) Cross-site scripting vulnerability in Roller search term treatment
Date Wed, 17 Dec 2008 17:00:19 GMT
Cross-site scripting vulnerability in Roller search term treatment
------------------------------------------------------------------

                 Key: ROL-1766
                 URL: https://issues.apache.org/roller/browse/ROL-1766
             Project: Roller
          Issue Type: Bug
          Components: Search
    Affects Versions: 4.0, 3.1
         Environment: any
            Reporter: Anil Gangolli
            Assignee: Roller Unassigned



The search term submitted to Roller as the value of the "q" parameter on search requests (/search?q=query+terms)
is echoed back in the default search form without escaping HTML tags.

This can be converted to a cross-site scripting attack.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
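
The behaviour reported above, shown beside an HTML-encoded rendering. This is an added example, not code from Roller or from the original message: the form markup, class and method names are hypothetical stand-ins for the default search form, and the `q` values are constructed.

```java
public class SearchFormEscaping {

    // Encode the characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical stand-in for the search form; 'value' is placed in the markup as given.
    static String renderForm(String value) {
        return "<form action=\"/search\"><input type=\"text\" name=\"q\" value=\""
                + value + "\"/></form>";
    }

    // Count tag-opening and double-quote characters: a safe rendering has the
    // same count as the empty form, whatever the search term is.
    static long structuralChars(String html) {
        return html.chars().filter(c -> c == '<' || c == '"').count();
    }

    public static void main(String[] args) {
        long baseline = structuralChars(renderForm(""));
        // Constructed sample values for the q parameter.
        String[] samples = { "query terms", "\"><i>injected</i>", "R&D 'notes'" };
        for (String q : samples) {
            String raw = renderForm(q);               // behaviour described in the report
            String safe = renderForm(escapeHtml(q));  // encoded before output
            System.out.println("q    = " + q);
            System.out.println("raw  : " + raw + "  altered=" + (structuralChars(raw) != baseline));
            System.out.println("safe : " + safe + "  altered=" + (structuralChars(safe) != baseline));
        }
    }
}
```

The encoding belongs at the point of output, in the template that writes the `value` attribute, so the stored or logged search term stays unmodified.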

