| Bug #35014 | XSS vulnerability on "project name" field | | |
|---|---|---|---|
| Submitted: | 3 Mar 2008 21:28 | Modified: | 4 Mar 2008 22:13 |
| Reporter: | Diego Medina | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Websites: MySQLForge | Severity: | S1 (Critical) |
| Version: | forge1.mysql.com | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
| Tags: | XSS | | |
[3 Mar 2008 21:28]
Diego Medina
[3 Mar 2008 21:54]
Sveta Smirnova
Thank you for the report. Verified as described.
[3 Mar 2008 21:54]
Jay Pipes
A number of possible XSS attack vectors fixed in r379.

```
[505][jpipes@serialcoder: /home/jpipes/dev/sites/forge.mysql.org/work]$ svn commit templates/ -m "Various unescaped output resulted in possible XSS attack vectors. Fixes Bug #34950 XSS vulnerability on 'display name' field and Bug #35014 XSS vulnerability on 'project name' field"
jpipes2@forge1.mysql.com's password:
Sending        templates/people/edit.tpl
Sending        templates/people/person-contributed-mwpages.tpl
Sending        templates/people/person-contributed-projects.tpl
Sending        templates/people/person-contributed-tools.tpl
Sending        templates/projects/newest.tpl
Sending        templates/projects/project.tpl
Sending        templates/projects/top-rated.tpl
Sending        templates/tools/newest.tpl
Sending        templates/tools/snippet.tpl
Sending        templates/tools/top-rated.tpl
Transmitting file data ..........
Committed revision 379.
```
[4 Mar 2008 5:02]
Diego Medina
There is at least one more page that needs to be escaped. Visit this link: http://forge1.mysql.com/projects/search.php?sortby=added_on&sortorder=desc and it will show you a JavaScript popup.
[4 Mar 2008 5:03]
Diego Medina
The top rated page as well: http://forge1.mysql.com/projects/search.php?sortby=rating&sortorder=desc, and the browse projects page: http://forge1.mysql.com/projects/search.php
[4 Mar 2008 22:13]
Jay Pipes
Fixed in r382-83. Escaped output properly.
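The defect behind this bug and its fix, as an added illustration that is not the Forge site's own template code (the `.tpl` files committed above are not on this page): a project listing renders a user-controlled project name straight into HTML, and the hardened version escapes each value for the context it lands in and whitelists the `sortby`/`sortorder` query parameters that the `search.php` pages echo back. The project records and the `render_*` function names are constructed for this example.

```python
import html
from urllib.parse import quote

# Constructed sample rows standing in for Forge project records.
PROJECTS = [
    {"name": "mysql-proxy", "slug": "mysql-proxy"},
    {"name": '<script>alert("xss")</script>', "slug": "evil"},
    {"name": 'x" onmouseover="alert(1)', "slug": "attr"},
]

def render_row_unescaped(project):
    """The bug: user-controlled fields interpolated verbatim into the markup."""
    return '<li><a href="/projects/view.php?id=%s">%s</a></li>' % (
        project["slug"], project["name"])

def render_row_escaped(project):
    """The fix: escape for the destination context (text node / attribute / URL)."""
    name = html.escape(project["name"], quote=True)   # text content and attributes
    slug = quote(project["slug"], safe="")            # URL path/query component
    return '<li><a href="/projects/view.php?id=%s">%s</a></li>' % (slug, name)

def render_listing(projects, sortby="added_on", sortorder="desc", escape=True):
    """Listing page like search.php?sortby=...&sortorder=... (hypothetical).
    The sort parameters are reflected into the page, so they are validated
    against a fixed set instead of being echoed as received."""
    if sortby not in ("added_on", "rating"):
        sortby = "added_on"
    if sortorder not in ("asc", "desc"):
        sortorder = "desc"
    render = render_row_escaped if escape else render_row_unescaped
    body = "".join(render(p) for p in projects)
    return "<p>Sorted by %s (%s)</p><ul>%s</ul>" % (sortby, sortorder, body)

def leaks_raw_input(rendered, values):
    """Regression check for this class of bug: a stored value containing HTML
    metacharacters must never appear verbatim in the rendered output."""
    return any(any(c in v for c in '<>"') and v in rendered for v in values)

if __name__ == "__main__":
    names = [p["name"] for p in PROJECTS]
    print("unescaped leaks:", leaks_raw_input(render_listing(PROJECTS, escape=False), names))
    print("escaped leaks:  ", leaks_raw_input(render_listing(PROJECTS, escape=True), names))
```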