MySQL Bugs: #35026: XSS vulnerability on "url field" field

Bug #35026	XSS vulnerability on "url field" field
Submitted:	4 Mar 2008 5:06	Modified:	4 Mar 2008 22:12
Reporter:	Diego Medina	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Websites: MySQLForge	Severity:	S1 (Critical)
Version:	forge1.mysql.com	OS:	Any
Assigned to:		CPU Architecture:	Any
Tags:	XSS

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
More XSS vulnerabilities similar to
http://bugs.mysql.com/bug.php?id=35014

How to repeat:
go here
http://forge1.mysql.com/projects/project.php?id=261

Thank you for a bug report.

Escaped output using non-urlencoded, htmlentities in Smarty template, /templates/projects/project.tpl

Patch in r382-83