You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2019/07/16 15:43:51 UTC

[allura:tickets] #8315 XSS when adding another user to a project

- **private**: Yes --> No



---

** [tickets:#8315] XSS when adding another user to a project**

**Status:** closed
**Milestone:** v1.11.1
**Created:** Wed Jul 10, 2019 03:55 PM UTC by Dave Brondsema
**Last Updated:** Mon Jul 15, 2019 03:27 PM UTC
**Owner:** nobody


When adding a user to a project, the user's display name is not escaped.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.