Posted to commits@roller.apache.org by "Anil Gangolli (JIRA)" <ji...@apache.org> on 2008/12/17 18:04:19 UTC
[jira] Updated: (ROL-1766) Cross-site scripting vulnerability in Roller search term treatment
[ https://issues.apache.org/roller/browse/ROL-1766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Gangolli updated ROL-1766:
-------------------------------
Affects Version/s: 2.3
3.0
> Cross-site scripting vulnerability in Roller search term treatment
> ------------------------------------------------------------------
>
> Key: ROL-1766
> URL: https://issues.apache.org/roller/browse/ROL-1766
> Project: Roller
> Issue Type: Bug
> Components: Search
> Affects Versions: 2.3, 3.0, 3.1, 4.0
> Environment: any
> Reporter: Anil Gangolli
> Assignee: Roller Unassigned
>
> The search term submitted to Roller as the value of the "q" parameter on search requests (/search?q=query+terms) is echoed back in the default search form without escaping HTML tags.
> This can be converted to a cross-site scripting attack.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
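
The unescaped echo of the "q" parameter described in the report, next to an escaped version, as an added Java example that is not Roller's code. The form markup, the placement of the term in a value attribute, and all class and method names are assumptions; the sample terms are constructed.

```java
// Added illustration, not Apache Roller source. All names here are hypothetical.
public class SearchTermEcho {

    // Stand-in for the search form; placing q in a value attribute is an assumption.
    static String form(String qMarkup) {
        return "<form action=\"/search\"><input type=\"text\" name=\"q\" value=\""
                + qMarkup + "\"/></form>";
    }

    // Behaviour described in ROL-1766: the term is copied into the page as-is.
    static String renderUnescaped(String q) { return form(q); }

    // Corrected behaviour: HTML metacharacters are encoded before output.
    static String renderEscaped(String q) { return form(escapeHtml(q)); }

    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Regression check: a term containing metacharacters must not come back verbatim.
    static boolean reflectsRaw(String html, String q) {
        return q.matches(".*[<>\"'&].*") && html.contains(q);
    }

    public static void main(String[] args) {
        // Constructed sample terms: plain text, an ampersand, and harmless markup.
        String[] terms = { "query terms", "R&D", "\"><b>bold</b>" };
        for (String q : terms) {
            System.out.println("q = " + q);
            System.out.println("  unescaped reflects raw: " + reflectsRaw(renderUnescaped(q), q));
            System.out.println("  escaped reflects raw:   " + reflectsRaw(renderEscaped(q), q));
            System.out.println("  escaped output: " + renderEscaped(q));
        }
    }
}
```

The `reflectsRaw` check can be reused as a regression test against any page that echoes the search term back.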