Closed
Bug 403291
Opened 17 years ago
Closed 17 years ago
tiki-searchresults.php vulnerable to content injection
Categories
(support.mozilla.org :: Knowledge Base Software, task, P1)
support.mozilla.org
Knowledge Base Software
Tracking
(Not tracked)
VERIFIED
FIXED
0.2
People
(Reporter: rflint, Assigned: nkoth)
References
()
Details
(Whiteboard: tiki_test)
See the URL field for an example. This script currently doesn't sanitize quotes or HTML, allowing an attacker to display their own content in the search results.
Comment 1•17 years ago
Nelson, can you take a look at this?
Assignee: nobody → nelson
Priority: -- → P1
Target Milestone: --- → 0.2
Comment 2•17 years ago
Fixed in support-stage, will be included in the next sync.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 3•17 years ago
Turns out this was fixed on support.mozilla.com already.
Status: RESOLVED → VERIFIED
Updated•16 years ago
Group: webtools-security → websites-security
Updated•16 years ago
Group: websites-security
Updated•16 years ago
Group: websites-security
Updated•15 years ago
Whiteboard: tiki_triage
Updated•15 years ago
Whiteboard: tiki_triage → tiki_test
Comment 4•8 years ago
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security