MemberDB

xss via un-escaped page name

Bug #706478 reported by dave b. on 2011-01-23

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MemberDB	Fix Released	Critical	Stewart Smith

Bug Description

xss via un-escaped page name.
A non-persistent xss bug in memberdb exists in page field.
For example going to a page like http://example.com/$path.. /index.php?page=index"<script>alert(1);</script>
will result in an alert dialogue containing the number 1 appearing.
The page field should be escaped.

Tags:

Related branches

lp:memberdb

Revision history for this message

Stewart Smith (stewart) wrote on 2011-01-23:

Thanks! I'll get to this very shortly.

Changed in memberdb:
importance:	Undecided → Critical
assignee:	nobody → Stewart Smith (stewart)

Stewart Smith (stewart) on 2011-02-04

Changed in memberdb:
status:	New → Fix Released
visibility:	private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.