[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnuheter-dev] [Bug #2890] docs.php XSS
From: |
nobody |
Subject: |
[Gnuheter-dev] [Bug #2890] docs.php XSS |
Date: |
Fri, 21 Mar 2003 06:55:51 -0500 |
=================== BUG #2890: FULL BUG SNAPSHOT ===================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2890&group_id=2176
Submitted by: metaur Project: Gnuheter
Submitted on: Fri 03/21/03 at 11:55
Category: Bug Severity: 5 - Major
Bug Group: None Resolution: None
Assigned to: None Status: Open
Summary: docs.php XSS
Original Submission: docs.php har ett Cross-Site Scripting-problem. Begrunda
följande URL:
http://gnuheter.org/docs.php?config=1&sitename=%3cscript%3ealert%2857%29%3c%2fscript%3e
Det fixas enkelt genom att ändra if (!config) include.. till bara include.
No Followups Have Been Posted
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2890&group_id=2176
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnuheter-dev] [Bug #2890] docs.php XSS,
nobody <=