Bug #35026 | XSS vulnerability on "url field" field | ||
---|---|---|---|
Submitted: | 4 Mar 2008 5:06 | Modified: | 4 Mar 2008 22:12 |
Reporter: | Diego Medina | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Websites: MySQLForge | Severity: | S1 (Critical) |
Version: | forge1.mysql.com | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | XSS |
[4 Mar 2008 5:06]
Diego Medina
[4 Mar 2008 5:49]
Valeriy Kravchuk
Thank you for a bug report.
[4 Mar 2008 22:12]
Jay Pipes
Escaped output using non-urlencoded, htmlentities in Smarty template, /templates/projects/project.tpl Patch in r382-83