Closed
Bug 403291
Opened 17 years ago
Closed 17 years ago
tiki-searchresults.php vulnerable to content injection
Categories
(support.mozilla.org :: Knowledge Base Software, task, P1)
support.mozilla.org
Knowledge Base Software
Tracking
(Not tracked)
VERIFIED
FIXED
0.2
People
(Reporter: rflint, Assigned: nkoth)
References
()
Details
(Whiteboard: tiki_test)
See the URL field for an example. This script currently doesn't sanitize quotes or HTML, allowing an attacker to display their own content in the search results.
|
||
Comment 1•17 years ago
|
||
Nelson, can you take a look at this?
Assignee: nobody → nelson
Priority: -- → P1
Target Milestone: --- → 0.2
|
|
||
Comment 2•17 years ago
|
||
Fixed in support-stage, will be included in the next sync.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
|
||
Comment 3•17 years ago
|
||
Turns out this was fixed on support.mozilla.com already.
Status: RESOLVED → VERIFIED
|
||
Updated•16 years ago
|
Group: webtools-security → websites-security
|
|
||
Updated•16 years ago
|
Group: websites-security
|
|
||
Updated•16 years ago
|
Group: websites-security
|
|
||
Updated•15 years ago
|
Whiteboard: tiki_triage
|
||
Updated•15 years ago
|
Whiteboard: tiki_triage → tiki_test
|
||
Comment 4•8 years ago
|
||
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•