Sanitize prefix and suffix
grendzy - October 17, 2009 - 20:25
| Project: | microsummary |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
| Issue tags: | Security improvements |
Description
Steps to reproduce:
-- Navigate to admin/settings/microsummary
-- For the microsummary prefix, enter the following:
alert("xss")
-- Navigate to /microsummary_posts
(This exploit requires the 'administer site configuration' permission, so the fix can be discussed publicly.)
| Attachment | Size |
|---|---|
| microsummary_xss.patch | 744 bytes |
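
The sanitization the issue title asks for, as an added example that is not the module's code and not the attached patch: stand-alone PHP that renders a title with an admin-entered prefix and suffix, first concatenated as stored and then escaped at output time. The function names, the settings array and the sample values are hypothetical and constructed for illustration; `escape_plain()` stands in for Drupal's `check_plain()`.

```php
<?php
// Added illustration, not the microsummary module's code. The function and
// setting names below are hypothetical; the stored values are constructed.

// Stand-in for Drupal's check_plain(): encode HTML metacharacters as entities.
function escape_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// "Before": admin-entered prefix and suffix are concatenated into markup as-is.
function render_title_unsafe(array $settings, $title) {
  return '<li>' . $settings['prefix'] . escape_plain($title) . $settings['suffix'] . '</li>';
}

// "After": every stored string is escaped at output time, not only the title.
function render_title_safe(array $settings, $title) {
  return '<li>' . escape_plain($settings['prefix']) . escape_plain($title)
    . escape_plain($settings['suffix']) . '</li>';
}

// Constructed settings: one benign pair, one carrying markup in the prefix.
$cases = array(
  'benign' => array('prefix' => 'New: ', 'suffix' => ' (updated)'),
  'markup' => array('prefix' => '<script>alert("xss")</script>', 'suffix' => ''),
);

foreach ($cases as $name => $settings) {
  $unsafe = render_title_unsafe($settings, 'Site news & notes');
  $safe = render_title_safe($settings, 'Site news & notes');
  // A raw "<script" in the output means the browser would parse it as a tag.
  printf("%s unsafe: %s\n  raw tag present: %s\n", $name, $unsafe,
    stripos($unsafe, '<script') !== FALSE ? 'yes' : 'no');
  printf("%s safe:   %s\n  raw tag present: %s\n", $name, $safe,
    stripos($safe, '<script') !== FALSE ? 'yes' : 'no');
}
```

Escaping at output leaves the stored setting untouched, so a benign prefix such as `New: ` renders identically in both versions while markup in the setting is displayed as text.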
