Link can modify site
Bug #795565 reported by Lars Vierbergen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| RemoteCP Panel | Status tracked in Trunk | | | |
| 1.x | Won't Fix | Critical | Lars Vierbergen | |
| Trunk | Fix Released | Critical | Lars Vierbergen | |
Bug Description
Because most AJAX requests are GET, a malicious website can link to a remotecp URL with e.g. the command to delete a section
with just a link to http://
This should absolutely be prevented.
visibility: | private → public |
It is too difficult to fix in 1.x.
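A server-side check that closes the hole described in the bug description, as an added example (this is not RemoteCP Panel code). The command names, the `authorize` function and the token handling are assumptions made for illustration; the page only mentions a command that deletes a section.

```python
import hmac
import secrets

# Hypothetical command names (assumption; not taken from RemoteCP Panel).
STATE_CHANGING = {"delete_section", "rename_section"}
READ_ONLY = {"list_sections"}


def new_csrf_token():
    """Per-session random token, kept server-side and embedded in the panel's own pages."""
    return secrets.token_urlsafe(32)


def authorize(method, command, session_token, supplied_token):
    """Return (allowed, reason) for one AJAX request from a logged-in session."""
    if command in READ_ONLY:
        return (True, "read-only command")
    if command not in STATE_CHANGING:
        return (False, "unknown command")
    # A link on another site makes the browser send a GET with the user's
    # session cookie, so a state-changing command must never run on GET.
    if method.upper() != "POST":
        return (False, "state-changing command requires POST")
    # POST alone does not prove the request came from the panel's own pages:
    # also require the per-session token, which another origin cannot read.
    if not session_token or not supplied_token:
        return (False, "missing CSRF token")
    if not hmac.compare_digest(session_token.encode(), supplied_token.encode()):
        return (False, "CSRF token mismatch")
    return (True, "ok")


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed sample requests: (method, command, token sent by the client)
    samples = [
        ("GET", "delete_section", None),    # what following a cross-site link produces
        ("POST", "delete_section", None),   # POST without the session token
        ("POST", "delete_section", token),  # the panel's own AJAX call
        ("GET", "list_sections", None),     # harmless read
    ]
    for method, command, sent in samples:
        print(method, command, authorize(method, command, token, sent))
```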