View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000207 | Main CAcert Website | source code | public | 2006-04-16 10:53 | 2013-11-20 22:23 |
Reporter | blshkv | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2009 Q2 | ||||
Summary | 0000207: [security bug] cross site scripting | ||||
Description | XSS in the following files: `https://www.test1.cacert.at/ac.php?id=<script>alert('xss')</script>` `https://www.test1.cacert.at/account/50.php?userid="><script>alert('XSS')</script>` The same with the "email" parameter. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
files moved out of webroot + ac.php updated to use intval() |
Change not yet visible in tarball. |
Bug had been fixed. |
Closing issues that have been resolved more than one year ago… |
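
Why the `intval()` change named in the first note closes the reflected `id` case, and what a string field such as "email" needs instead, shown as an added example that is not CAcert's code. The function names and markup are hypothetical, and the output-encoding step goes beyond the fix recorded in this issue.

```php
<?php
// Added illustration; not CAcert source. Function names and markup are hypothetical.

// Before: the query parameter is concatenated into the page unchanged.
function render_id_unsafe(array $get): string
{
    $id = is_string($get['id'] ?? null) ? $get['id'] : '';
    return '<p>Record ' . $id . '</p>';
}

// After (the fix named in the note): intval() always yields an integer,
// so no markup from the parameter can reach the response.
function render_id_fixed(array $get): string
{
    $id = intval($get['id'] ?? 0);
    return '<p>Record ' . $id . '</p>';
}

// A string field cannot be cast to an integer. Validate it, then encode it
// for the quoted HTML attribute it is written into. Validation alone is not
// enough: a syntactically valid address may still contain a single quote.
function render_email_field(array $get): string
{
    $raw   = is_string($get['email'] ?? null) ? $get['email'] : '';
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false ? $raw : '';
    $safe  = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $safe . '">';
}

// Constructed inputs, shaped like the two requests in the report.
$idReq    = ['id' => "<script>alert('xss')</script>"];
$emailReq = ['email' => "\"><script>alert('XSS')</script>"];

echo render_id_unsafe($idReq), "\n";      // unmodified parameter in the output
echo render_id_fixed($idReq), "\n";       // integer only
echo render_email_field($emailReq), "\n"; // rejected by validation, empty value
echo render_email_field(['email' => "o'brien@example.org"]), "\n"; // quote encoded
```
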
Date Modified | Username | Field | Change |
---|---|---|---|
2006-04-16 10:53 | blshkv | New Issue | |
2006-04-21 06:46 | duane | Status | new => closed |
2006-04-21 06:46 | duane | Note Added: 0000166 | |
2006-04-21 06:46 | duane | Resolution | open => fixed |
2006-04-21 06:46 | duane | Fixed in Version | => production |
2006-04-24 05:40 | | Note Added: 0000195 | |
2006-04-24 05:40 | | Assigned To | => bluec |
2006-04-24 05:40 | | Status | closed => needs work |
2009-04-26 16:31 | Sourcerer | Note Added: 0001384 | |
2009-04-26 16:31 | Sourcerer | Assigned To | bluec => |
2009-04-26 16:31 | Sourcerer | Status | needs work => solved? |
2012-05-30 21:17 | NEOatNHNG | Note Added: 0003040 | |
2012-05-30 21:17 | NEOatNHNG | Status | solved? => closed |
2013-01-14 08:05 | Werner Dworak | Fixed in Version | => 2009 Q2 |
2013-11-20 22:23 | NEOatNHNG | View Status | private => public |