#210 - multiple xss vulns
Type Defect
Status Closed
Milestone 2.3.2
Version 2.2
Component -
Priority Highest
Severity Blocker
Owner stetus
Assigned to Jack
Reported 13 years ago
Updated 10 years ago
Votes 0
Related tickets
Proposed time
Worked time

Are there any input validations?

There are XSS vulns all over the site. At least while viewing a ticket <title>XXX</title>, <input type="text" name="summary" value="XXX" /> and the eMail input field in UserCP are not checked at all.

I stopped testing here because of acute disbelieve. I hope I got something very wrong..

Ticket History

Jack closed as Closed 12 years and 7 months ago

12 years and 2 months ago by Jack

  • Milestone 3.0 2.3.2