View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000207 | Main CAcert Website | source code | public | 2006-04-16 10:53 | 2013-11-20 22:23 |
| Reporter | blshkv | Assigned To | | | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | | |
| Fixed in Version | 2009 Q2 | | | | |
| Summary | 0000207: [security bug] cross site scripting | | | | |
| Description | XSS in the following files: `https://www.test1.cacert.at/ac.php?id=<script>alert('xss')</script>` `https://www.test1.cacert.at/account/50.php?userid="><script>alert('XSS')</script>` the same with "email" parameter. | | | | |
| Tags | No tags attached. | | | | |
| Reviewed by | | | | | |
| Test Instructions | | | | | |

files moved out of webroot + ac.php updated to use intval()

Change not yet visible in tarball.

Bug had been fixed.

Closing issues that have been resolved more than one year ago…

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-04-16 10:53 | blshkv | New Issue | |
| 2006-04-21 06:46 | duane | Status | new => closed |
| 2006-04-21 06:46 | duane | Note Added: 0000166 | |
| 2006-04-21 06:46 | duane | Resolution | open => fixed |
| 2006-04-21 06:46 | duane | Fixed in Version | => production |
| 2006-04-24 05:40 | | Note Added: 0000195 | |
| 2006-04-24 05:40 | | Assigned To | => bluec |
| 2006-04-24 05:40 | | Status | closed => needs work |
| 2009-04-26 16:31 | Sourcerer | Note Added: 0001384 | |
| 2009-04-26 16:31 | Sourcerer | Assigned To | bluec => |
| 2009-04-26 16:31 | Sourcerer | Status | needs work => solved? |
| 2012-05-30 21:17 | NEOatNHNG | Note Added: 0003040 | |
| 2012-05-30 21:17 | NEOatNHNG | Status | solved? => closed |
| 2013-01-14 08:05 | Werner Dworak | Fixed in Version | => 2009 Q2 |
| 2013-11-20 22:23 | NEOatNHNG | View Status | private => public |