Bug Tracker


Ticket #12254 (closed bug: fixed)

Opened 21 months ago

Last modified 18 months ago

Reflected XSS

Reported by: cloudsrise
Owned by: cloudsrise
Priority: low
Milestone: 1.9
Component: build
Version: git
Keywords:
Cc:
Blocking:
Blocked by:

Description

Line 59 of polluted.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.

Change History

comment:1 Changed 21 months ago by rwaldron

  • Status changed from new to closed
  • Resolution set to invalid

polluted.php exists solely to be used by the test suite.

comment:2 Changed 20 months ago by anonymous

While I would love to agree with you, user behavior dictates otherwise. It isn't clear to me they are knowingly putting themselves at risk with regards to XSS and this public exploit. http://www.google.com/search?q=inurl:polluted.php should give you a few examples where we see unexpected test suite deployment behavior.

comment:3 Changed 20 months ago by dmethvin

  • Status changed from closed to reopened
  • Resolution invalid deleted

comment:4 Changed 20 months ago by dmethvin

  • Owner set to cloudsrise
  • Status changed from reopened to pending

Okay, do you have a proposed fix?

comment:5 follow-up: ↓ 6 Changed 20 months ago by anonymous

Validate and sanitize the input / output.
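As an added illustration of the fix comment 5 asks for (this is not jQuery's polluted.php, whose line 59 the ticket does not quote), a hypothetical PHP handler that reflects a query parameter into HTML, shown unescaped beside the escaped form; the parameter name `name` is assumed:

```php
<?php
// Added example, not the project's polluted.php. It shows the reflected-XSS
// pattern the ticket describes: a query value copied into the response body.
// The parameter name 'name' is an assumption for illustration only.

// Vulnerable: the raw value is written into the page, so any markup in the
// URL becomes markup (and script) in the response the browser renders.
function render_unsafe(string $name): string {
    return "<p>Hello, " . $name . "</p>";
}

// Hardened: the value is escaped for the HTML text context it lands in.
// ENT_QUOTES also escapes single quotes, so the same helper stays safe inside
// quoted attribute values; the charset must match the page's Content-Type.
function render_safe(string $name): string {
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Hello, " . $escaped . "</p>";
}

// Constructed sample input standing in for $_GET['name'].
$sample = '<script>alert(1)</script>';

echo render_unsafe($sample), "\n"; // script tag reaches the browser intact
echo render_safe($sample), "\n";   // shown as literal text: &lt;script&gt;...

// Real calling code would pass the request value through the escaped form:
// echo render_safe((string)($_GET['name'] ?? ''));
```

Escaping on output addresses the reflection itself; the deployment problem raised in comment 2 is separate and is handled by keeping test fixtures such as this out of production document roots.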

comment:6 in reply to: ↑ 5 Changed 20 months ago by dmethvin

  • Status changed from pending to open

I was kind of hoping for a pull request... :)

comment:7 Changed 20 months ago by dmethvin

  • Priority changed from undecided to low
  • Component changed from unfiled to core

comment:8 Changed 20 months ago by dmethvin

  • Component changed from core to build

comment:9 Changed 20 months ago by dmethvin

Honestly, cloudsrise, we could use a pull request here if you're interested.

comment:11 Changed 18 months ago by mikesherov

  • Status changed from open to closed
  • Resolution set to fixed
  • Milestone changed from None to 1.9

Please follow the bug reporting guidelines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
