Opened 16 years ago
Closed 16 years ago
#9917 closed defect (bug) (invalid)
SECURITY VULNERABILITY
Reported by: | epicreviews | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | highest omg bbq |
Severity: | critical | Version: | 2.7.1 |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
Comments have a huge vulnerability
<script language="javascript">alert('Security');</script>
This set off a problem when someone was testing for me.
Anything that uses JavaScript does it.
htmlentities would protect it.
This totally screwed up my categories with just a test.
Change History (1)
Only users that have the unfiltered_html capability can do this.
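
The capability gate named in the closing comment, sketched as an added example (not WordPress core code and not part of the ticket). The sample accounts, their capability flags and the function names `can_post_raw_html` and `render_comment` are constructed for illustration; only `unfiltered_html`, `htmlentities` and the payload come from the ticket.

```php
<?php
// Added illustration, not WordPress core code. The account list, its
// capability flags and both function names are constructed for this
// example; 'unfiltered_html', htmlentities() and the payload are from the ticket.

function can_post_raw_html(array $caps): bool
{
    return !empty($caps['unfiltered_html']);
}

function render_comment(array $caps, string $raw): string
{
    if (can_post_raw_html($caps)) {
        return $raw; // trusted account: markup reaches the page unchanged
    }
    // Every other account: encode so the browser displays the markup as text.
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample accounts.
$accounts = [
    'site-admin' => ['unfiltered_html' => true],
    'subscriber' => ['read' => true],
    'visitor'    => [],
];

$payload = "<script language=\"javascript\">alert('Security');</script>";

foreach ($accounts as $name => $caps) {
    $out = render_comment($caps, $payload);
    $raw = strpos($out, '<script') !== false;
    printf("%-10s raw_script=%s\n  %s\n", $name, $raw ? 'yes' : 'no', $out);
}

// Review aid: accounts whose comments bypass encoding entirely.
$trusted = array_keys(array_filter($accounts, 'can_post_raw_html'));
echo "Accounts holding unfiltered_html: ", implode(', ', $trusted), "\n";
```

The last line is the part worth checking on a real site: the behaviour reported in the ticket is limited to whichever accounts appear in that list.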