gnuheter-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnuheter-dev] [Bug #2890] docs.php XSS

From: nobody
Subject: [Gnuheter-dev] [Bug #2890] docs.php XSS
Date: Fri, 21 Mar 2003 06:55:51 -0500 
=================== BUG #2890: FULL BUG SNAPSHOT ===================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2890&group_id=2176

Submitted by: metaur                  Project: Gnuheter                     
Submitted on: Fri 03/21/03 at 11:55
Category:  Bug                        Severity:  5 - Major                  
Bug Group:  None                      Resolution:  None                     
Assigned to:  None                    Status:  Open                         

Summary:  docs.php XSS

Original Submission:  docs.php har ett Cross-Site Scripting-problem. Begrunda 
följande URL:

http://gnuheter.org/docs.php?config=1&sitename=%3cscript%3ealert%2857%29%3c%2fscript%3e

Det fixas enkelt genom att ändra if (!config) include.. till bara include.




No Followups Have Been Posted


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2890&group_id=2176
reply via email to
[Prev in Thread] Current Thread [Next in Thread]