XSS cross scripting context.restrictedTraverse
Bug #502572 reported by olpat
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Zope 2 | Invalid | Undecided | Unassigned | |
Bug Description
Consider two Zope folders:
one-----
|
two |
In folder one I have a Python script that uses:
fold_one=
with a parameter id in the parameter list:
I can retrieve two with this:
fold_two=fold_one[id] when I submit in my browser:
http://
but I can make a cross-scripting attempt with:
http://
I have verified this in Zope 2.11.4 and Zope 2.9.6.
You don't have to return anything from the script. Only the line fold_two=fold_one[id] returns a page with the JavaScript code.
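The pattern the report describes, as an added example in plain Python that is neither Zope's code nor the reporter's script: a lookup keyed by a request parameter whose failure path echoes the raw key into HTML, beside a hardened version that validates the id and escapes anything it reflects. The dict standing in for a folder, the id pattern, and the marker string are constructed assumptions; the example does not model `context.restrictedTraverse` itself.

```python
import html
import re

# Constructed stand-in for a Zope folder: object ids mapped to objects.
# (An assumption for illustration, not Zope's container API.)
FOLDER_ONE = {"two": "<Folder two>"}

# Constructed id policy: the characters an object id is expected to contain.
SAFE_ID = re.compile(r"^[A-Za-z0-9_.-]{1,100}$")


def lookup_unsafe(folder, obj_id):
    """Look up obj_id and, on failure, reflect the raw id into an HTML page.

    This mirrors the failure path in the report: a request parameter that is
    only meant to select an object ends up verbatim in the response body.
    """
    try:
        return folder[obj_id]
    except KeyError:
        return "<p>Object %s not found</p>" % obj_id


def lookup_safe(folder, obj_id):
    """Same lookup with the two defences a script author should apply.

    1. Reject ids that do not match the expected id syntax before use.
    2. HTML-escape anything from the request that is reflected into markup.
    """
    if not SAFE_ID.match(obj_id):
        return "<p>Invalid object id</p>"  # request-controlled text never reaches the page
    try:
        return folder[obj_id]
    except KeyError:
        return "<p>Object %s not found</p>" % html.escape(obj_id, quote=True)


def reflects_markup(page):
    """Detection check for a response: does it contain an unescaped script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    # Constructed marker id; in the report the crafted id arrives via the URL.
    marker = "<script>/* constructed marker */</script>"
    print("unsafe reflects markup:", reflects_markup(lookup_unsafe(FOLDER_ONE, marker)))
    print("safe reflects markup:", reflects_markup(lookup_safe(FOLDER_ONE, marker)))
```

With the id pattern in place the escape in `lookup_safe` is redundant; keeping both is defence in depth, so a later relaxation of the pattern does not silently reopen the reflection. The same rule applies to any error text a script returns or raises: a traversal key taken from the request must be treated as untrusted output, not just as an untrusted lookup.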