Bug #5095

XSS vulnerability - through url

Added by Erhan Aydın over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: High
Assignee:
Target version:
Start date: 07/13/2016
Due date:
% Done: 0%
Estimated time:

Description

I can run scripts through url (tested on Mozilla Firefox):

https://www.webtoolkit.eu/wt/'\"--->

alert("boom")

#1

Updated by Erhan Aydın over 5 years ago

Unescaped url (as pasted on address bar)

https://www.webtoolkit.eu/wt/'"--></style></scRipt><scRipt>alert("boom")</scRipt>

#2

Updated by Koen Deforche over 5 years ago

  • Status changed from New to Implemented @Emweb
  • Assignee set to Koen Deforche

Oops. This exists since version 3.2.0.

#3

Updated by Koen Deforche over 5 years ago

  • Status changed from Implemented @Emweb to Resolved

#4

Updated by Koen Deforche over 5 years ago

  • Status changed from Resolved to Closed
  • Target version set to 3.3.6
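
An added example, not part of the original thread and not Wt's own code or fix: context-specific output encoding applied to the path from the URL in comment #1, so that its quotes, comment terminator and closing style/script tags stay inert. It assumes the path is reflected either into HTML or into an inline script string literal (the thread does not say which) and that the page is served as UTF-8; `encodeHtml`, `encodeJsString` and `kReportedPath` are hypothetical names.

```cpp
// Added example, not Wt source code. All names here are hypothetical.
#include <cstdio>
#include <string>

// Path component of the URL posted in comment #1 of this issue.
static const std::string kReportedPath =
    "/wt/'\"--></style></scRipt><scRipt>alert(\"boom\")</scRipt>";

// Encode for HTML element content and quoted attribute values.
std::string encodeHtml(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += static_cast<char>(c);
        }
    }
    return out;
}

// Encode for a quoted JavaScript string literal inside an inline <script>.
// Quotes, backslash, '<', '>', '&', '/' and control bytes become \uXXXX, so
// neither the literal nor the enclosing script element can be closed early.
std::string encodeJsString(const std::string& in) {
    std::string out;
    char buf[8];
    for (unsigned char c : in) {
        bool risky = c < 0x20 || c == '\'' || c == '"' || c == '\\' ||
                     c == '<' || c == '>' || c == '&' || c == '/';
        if (risky) {
            std::snprintf(buf, sizeof buf, "\\u%04X", static_cast<unsigned>(c));
            out += buf;
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

int main() {
    std::printf("HTML context: %s\n", encodeHtml(kReportedPath).c_str());
    std::printf("JS context:   %s\n", encodeJsString(kReportedPath).c_str());
    return 0;
}
```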
