Ticket #2243 (closed defect: fixed)
XSS issue
| Reported by: | phantom | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.12 |
| Component: | module:admin | Version: | 2.11.2 |
| Severity: | normal | Keywords: | XSS |
| Cc: | | | |
Description
An XSS issue was discovered in Dotclear through 2.11.2.
[Suggested description] use HTMLescape or filter before storing into the database
[Vulnerability Type] Cross Site Scripting (XSS)
[Affected Product Code Base] Dotclear - v2.11.2
[Affected Component] /admin/blog_pref.php
In line 390:
$file = $blog_url.$core->url->getURLFor('feed','atom');
In line 407:
sprintf(('The URL of blog or the URL scan method might not be well set (<code>%s</code> return a <strong>%s</strong> status).')
Change History
(In [f1486a90d72b]) Fix potential XSS, closes #2243
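
The pattern the ticket describes, as an added PHP example that is not Dotclear's code or the fix from the changeset: the message template quoted for line 407 is filled once with raw values and once with values encoded at output time. The function names, the `feed/atom` path and the sample blog URL are constructed assumptions.

```php
<?php
// Added illustration, not Dotclear code. Function names and sample
// values below are hypothetical.

// Message template as quoted in the ticket (blog_pref.php, line 407).
const TEMPLATE = 'The URL of blog or the URL scan method might not be well set '
    . '(<code>%s</code> return a <strong>%s</strong> status).';

// Unescaped form: both values are placed into the HTML message as-is.
function warning_unescaped(string $file, string $status): string
{
    return sprintf(TEMPLATE, $file, $status);
}

// Encode a value for an HTML text or quoted-attribute context.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escaped form: every dynamic value is encoded where it enters the markup,
// so it is safe regardless of what was stored in the blog settings.
function warning_escaped(string $file, string $status): string
{
    return sprintf(TEMPLATE, esc($file), esc($status));
}

// Constructed sample: a stored blog URL that contains markup, followed by
// an assumed feed path (stands in for getURLFor('feed','atom')).
$blog_url = 'http://blog.example/<em>injected</em>/';
$file     = $blog_url . 'feed/atom';
$status   = '404';

$raw  = warning_unescaped($file, $status);
$safe = warning_escaped($file, $status);

// Does the stored markup survive into the admin page as live HTML?
var_dump(strpos($raw, '<em>injected</em>') !== false);
var_dump(strpos($safe, '<em>injected</em>') !== false);

echo $safe, PHP_EOL;
```

Only the dynamic values are encoded; the template's own `<code>` and `<strong>` tags stay as markup.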