Commit
escape target error message (SECURITY) FS#2487 FS#2488
The error message shown when loading a non-existent editor was attempted wasn't escaped correctly, allowing the introduction of arbitrary JavaScript into the output, leading to an XSS vulnerability. Note: the reported second CSRF vulnerability is the same bug; the exploit code simply uses JavaScript to extract a valid CSRF token from the site.
ff71173
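The commit message describes the classic shape of a reflected XSS: a user-supplied value (here the name of an editor that does not exist) is interpolated into an HTML error message without escaping. The snippet below is an added illustration of that bug class and its fix, written in Python; it is not the project's own code (the page does not name the project or its language), and the function names, the template text and the sample input are all constructed for this example.

```python
import html


def render_editor_error_vulnerable(target: str) -> str:
    """'Before' behaviour: the requested editor name is dropped into the
    HTML error message verbatim, so any markup it carries reaches the
    browser and is parsed as part of the page."""
    return f"<div class='error'>Editor '{target}' could not be loaded</div>"


def render_editor_error_fixed(target: str) -> str:
    """'After' behaviour: HTML-escape the untrusted value before it is
    placed in the HTML body. quote=True also escapes ' and ", which
    matters here because the value sits inside a quoted attribute-like
    position in the template text."""
    safe = html.escape(target, quote=True)
    return f"<div class='error'>Editor '{safe}' could not be loaded</div>"


def carries_raw_script_tag(rendered: str) -> bool:
    """Coarse demonstration check (not a general XSS detector): does the
    rendered error still contain an unescaped <script opening tag?"""
    return "<script" in rendered.lower()


# Constructed sample input: an editor name that does not exist and that
# carries HTML, as a request for a non-existent editor might.
SAMPLE_TARGET = "nosuch<script>alert(1)</script>"


if __name__ == "__main__":
    for render in (render_editor_error_vulnerable, render_editor_error_fixed):
        out = render(SAMPLE_TARGET)
        print(f"{render.__name__}: {out}")
        print(f"  raw <script> tag present: {carries_raw_script_tag(out)}")
```

The escaping has to match the output context: `html.escape` is correct for text placed in the HTML body or in a quoted attribute, but a value that ends up inside a `<script>` block or a URL needs a different encoder. A regression test that feeds markup-bearing input to the error path and asserts the rendered output contains it only in escaped form is the cheapest way to keep this class of bug from returning.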
CVE-identifiers assigned in this thread: http://seclists.org/oss-sec/2012/q2/162
CVE-2012-2128/CVE-2012-2129