Potential JS injection in Manage Places/Events #578

New issue

Closed

opened 2012-02-21 12:36:20 +00:00 by rlx · 1 comment

rlx commented 2012-02-21 12:36:20 +00:00

Owner

Copy link

If you enter <script>alert('JS injection')</script> as name or alternative name, the map/calendar will execute this as JS.

Saving seems to be fixed, so dialogs will go after reload.

If you enter `<script>alert('JS injection')</script>` as name or alternative name, the map/calendar will execute this as JS. Saving seems to be fixed, so dialogs will go after reload.

rlx added the

general

label 2012-02-21 12:36:20 +00:00

rlx added this to the 12.03 milestone 2012-02-21 12:36:20 +00:00

0x2620 was assigned by rlx 2012-02-21 12:36:20 +00:00

rlx added the

critical

defect

labels 2012-02-21 12:36:20 +00:00

rlx commented 2012-02-21 13:14:23 +00:00

Author

Owner

Copy link

Moving JS injection issues to #579.

Moving JS injection issues to #579.

rlx added the

duplicate

label 2012-02-21 13:14:23 +00:00

rlx closed this issue 2012-02-21 13:14:23 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

stable

No results found.

Labels

Clear labels   

backend

  

critical

  

defect

  

duplicate

  

enhancement

  

fixed

  

frontend

  

general

  

invalid

  

major

  

minor

  

normal

  

oxjs

  

pandora_client

  

python-ox

  

task

  

trivial

  

wontfix

  

worksforme

No labels

backend

critical

defect

duplicate

enhancement

fixed

frontend

general

invalid

major

minor

normal

oxjs

pandora_client

python-ox

task

trivial

wontfix

worksforme

Milestone

Clear milestone

No items

No milestone

12.03

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

0x2620

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: 0x2620/pandora#578

No description provided.