Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

content 위젯의 RSS 리더 기능을 이용한 외부 리소스 실행 가능 취약점 (14-537) #1216

Closed
ghost opened this issue Jan 27, 2015 · 0 comments
Closed

content 위젯의 RSS 리더 기능을 이용한 외부 리소스 실행 가능 취약점 (14-537) #1216

ghost opened this issue Jan 27, 2015 · 0 comments
Labels
type/SECURITY
Milestone
1.7.10

Comments

@ghost
Copy link

ghost commented Jan 27, 2015

content 위젯의 RSS 리더 기능을 이용한 외부 리소스 실행 가능 취약점

  • 제보 : 한국인터넷진흥원
@ghost ghost self-assigned this Jan 27, 2015
@ghost ghost added this to the 1.7.10 milestone Jan 27, 2015
@ghost ghost added the type/SECURITY label Feb 4, 2015
@ghost ghost changed the title 14-537 content 위젯의 RSS 리더 기능을 이용한 외부 리소스 실행 가능 취약점 (14-537) Feb 4, 2015
ghost pushed a commit that referenced this issue Feb 4, 2015
fix #1216 SECISSUE 위젯 코드를 비활성하는 blockWidgetCode() 추가 및 `removeHackT…
15c3396 
…ag()`에 적용
ghost pushed a commit that referenced this issue Feb 4, 2015
fix #1216 SECISSUE
db557b8 
- content 위젯에서 콘텐츠를 담을 때 strip_tags() 적용
- RSS 콘텐츠를 가져올 때 XSS 취약점 문제 수정
- 제보 : 한국인터넷진흥원
@ghost ghost closed this as completed Feb 4, 2015
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/SECURITY
Projects
None yet
Milestone
1.7.10
Development

No branches or pull requests
0 participants