Bug #35015 | XSS vulnerability on "title" field | ||
---|---|---|---|
Submitted: | 3 Mar 2008 21:31 | Modified: | 3 Mar 2008 21:55 |
Reporter: | Diego Medina | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Websites: MySQLForge | Severity: | S1 (Critical) |
Version: | forge1.mysql.com | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | XSS |
[3 Mar 2008 21:31]
Diego Medina
[3 Mar 2008 21:52]
Sveta Smirnova
Thank you for the report. Verified as described.
[3 Mar 2008 21:55]
Jay Pipes
A number of possible XSS attack vectors fixed in r379.

[505][jpipes@serialcoder: /home/jpipes/dev/sites/forge.mysql.org/work]$ svn commit templates/ -m "Various unescaped output resulted in possible XSS attack vectors. Fixes Bug #34950 XSS vulnerability on 'display name' field and Bug #35014 XSS vulnerability on 'project name' field"
jpipes2@forge1.mysql.com's password:
Sending templates/people/edit.tpl
Sending templates/people/person-contributed-mwpages.tpl
Sending templates/people/person-contributed-projects.tpl
Sending templates/people/person-contributed-tools.tpl
Sending templates/projects/newest.tpl
Sending templates/projects/project.tpl
Sending templates/projects/top-rated.tpl
Sending templates/tools/newest.tpl
Sending templates/tools/snippet.tpl
Sending templates/tools/top-rated.tpl
Transmitting file data ..........
Committed revision 379.