-
Notifications
You must be signed in to change notification settings - Fork 719
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix #11229: Fix tagging XSS scripting vulnerabilities
Tag names and descriptions were not properly sanitised before being written to HTML output. This meant that it was possible for users to create tags containing Javascript that is executed on every load of view_all_bug_page (and elsewhere) for all users. Thanks to Michel Arboi from Tenable Network Security (Nessus) for reporting this issue.
- Loading branch information
1 parent
60a4d24
commit 70b5022
Showing
4 changed files
with
13 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters