[MGNLSD-175] Cross Site Scripting Vulnerability (XSS) in Search Created: 14/Apr/08  Updated: 05/Aug/15  Resolved: 10/Jul/08

Status: Closed
Project: Sitedesigner (closed)
Component/s: None
Affects Version/s: 1.1.4
Fix Version/s: 1.1.7

Type: Bug Priority: Major
Reporter: Philipp Bärfuss Assignee: Tom Wespi
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-590 Cross Site Scripting Vulnerability (X... Closed
is related to MAGNOLIA-2111 Cross Site Scripting Vulnerability (X... Closed
Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

Search for <script>alert('XSS')</script> and you see that the js code is executed. Please use the same fix as provided in the samples: MAGNOLIA-590



 Comments   
Comment by Tom Wespi [ 15/Apr/08 ]

resolved in trunk

Generated at Mon Feb 12 10:55:49 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.