xss via un-escaped page name
Bug #706478 reported by dave b.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MemberDB | Fix Released | Critical | Stewart Smith |
Bug Description
xss via un-escaped page name.
A non-persistent XSS bug in memberdb exists in the page field.
For example, going to a page like http://
will result in an alert dialogue containing the number 1 appearing.
The page field should be escaped.
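
The escaping the report asks for, shown as an added example that is not MemberDB's code. Python is used for illustration only; the template, function names, allowlist pattern and sample query string are assumptions constructed here.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical allowlist: page names are short identifiers, nothing else.
PAGE_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Hypothetical template reflecting the page name in element content
# and inside a double-quoted attribute value.
TEMPLATE = '<h1>Page: {name}</h1>\n<input type="hidden" name="page" value="{name}">'


def page_from_query(query_string):
    """Pull the 'page' field out of a raw query string (URL-decoded)."""
    return parse_qs(query_string, keep_blank_values=True).get("page", [""])[0]


def render_unescaped(query_string):
    """The reported pattern: the page field is reflected as-is."""
    return TEMPLATE.format(name=page_from_query(query_string))


def render_escaped(query_string):
    """The fix the report asks for: escape the page field on output.

    quote=True also encodes " and ', which matters because the value is
    reflected inside an attribute as well as in element content.
    """
    return TEMPLATE.format(name=html.escape(page_from_query(query_string), quote=True))


def render_strict(query_string):
    """Defence in depth: reject names outside the allowlist, then escape."""
    name = page_from_query(query_string)
    if not PAGE_NAME_RE.fullmatch(name):
        return "<h1>Unknown page</h1>"
    return TEMPLATE.format(name=html.escape(name, quote=True))


# Constructed sample request; not the URL from the report.
SAMPLE = "page=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped, render_strict):
        print(render.__name__, "->", render(SAMPLE).splitlines()[0])
```

Escaping at output time is what closes the reflected path; the allowlist only narrows what reaches the template and does not replace it.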
Changed in memberdb:
status: New → Fix Released
visibility: private → public
Thanks! I'll get to this very shortly.