Multiple XSS in index.php #134
Comments
Thanks @jvoisin for reporting. What are your suggestions to fix this? What about the 4th: How severe would that be? This functionality is only available for the logged-in user who wants to export his bookmarks, could such an export file be classified as XSS (i.e. is there "scripting" in bookmark files)? About the last 2 (I suppose copy/paste didn't work properly for the last one?), what would one be able to inject with the variables $filename, $filesize and $import_count? Let's come up with a patch to plug these holes!
Closed by commit 53da201
Just as an FYI, this security issue got a CVE (Common Vulnerabilities and Exposures) ID assigned: CVE-2013-7351.
This is already fixed upstream: sebsauvage/Shaarli#134
Line 945:
Line 1030:
Line 1107:
Line 1614:
Line 1750:
Line 1754