Commits on Jan 7, 2011
  1. @davidhicks
Commits on Dec 1, 2009
  1. @davidhicks

    Fix #11237: XSS on tag_view_page.php with user Real Name field

    davidhicks authored
    The user real name field is not sanitised before being printed on
    tag_view_page.php thus exposing an XSS vulnerability.
  2. @davidhicks

    Fix #11229: Fix tagging XSS scripting vulnerabilities

    davidhicks authored
    Tag names and descriptions were not properly sanitised before being
    written to HTML output. This meant that it was possible for users to
    create tags containing JavaScript that is executed on every load of
    view_all_bug_page (and elsewhere) for all users.
    Thanks to Michel Arboi from Tenable Network Security (Nessus) for
    reporting this issue.
Commits on Sep 4, 2009
  1. @davidhicks

    Fix #10903: hide_status_id is hardcoded for links from tag_view_page.php

    davidhicks authored
    The links on tag_view_page.php to view issues with a certain related tag
    have a hardcoded value of 90 for hide_status_id. We shouldn't actually
    be specifying hide_status_id at all, because we can just use the
Commits on Jul 6, 2009
  1. @davidhicks