Bug #5095

closed

XSS vulnerability - through url

Added by Erhan Aydın almost 8 years ago. Updated almost 8 years ago.

Status: Closed
Priority: High
Assignee:
Target version:
Start date: 07/13/2016
Due date:
% Done: 0%
Estimated time:
Description

I can run scripts through the URL (tested on Mozilla Firefox):

https://www.webtoolkit.eu/wt/'\"--->

alert("boom")

Actions #1

Updated by Erhan Aydın almost 8 years ago

Unescaped URL (as pasted in the address bar):

https://www.webtoolkit.eu/wt/'"--></style></scRipt><scRipt>alert("boom")</scRipt>

Actions #2

Updated by Koen Deforche almost 8 years ago

  • Status changed from New to Implemented @Emweb
  • Assignee set to Koen Deforche

Oops. This has existed since version 3.2.0.

Actions #3

Updated by Koen Deforche almost 8 years ago

  • Status changed from Implemented @Emweb to Resolved

Actions #4

Updated by Koen Deforche almost 8 years ago

  • Status changed from Resolved to Closed
  • Target version set to 3.3.6