[Gnuheter-dev] [Bug #2890] docs.php XSS

gnuheter-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnuheter-dev] [Bug #2890] docs.php XSS

From:	nobody
Subject:	[Gnuheter-dev] [Bug #2890] docs.php XSS
Date:	Thu, 03 Apr 2003 06:45:16 -0500

=================== BUG #2890: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2890&group_id=2176

Changes by: Ulf Härnhammar <address@hidden>
Date: Thu 04/03/2003 at 11:45 (GMT)

------------------ Additional Follow-up Comments ----------------------------
Den har ar val lagad nu?



=================== BUG #2890: FULL BUG SNAPSHOT ===================


Submitted by: metaur                  Project: Gnuheter                     
Submitted on: Fri 03/21/2003 at 11:55
Category:  Bug                        Severity:  5 - Major                  
Bug Group:  None                      Resolution:  None                     
Assigned to:  None                    Status:  Open                         

Summary:  docs.php XSS

Original Submission:  docs.php har ett Cross-Site Scripting-problem. Begrunda 
följande URL:

http://gnuheter.org/docs.php?config=1&sitename=%3cscript%3ealert%2857%29%3c%2fscript%3e

Det fixas enkelt genom att ändra if (!config) include.. till bara include.


Follow-up Comments
*******************

-------------------------------------------------------
Date: Thu 04/03/2003 at 11:45       By: metaur
Den har ar val lagad nu?


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2890&group_id=2176

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnuheter-dev] [Bug #2890] docs.php XSS, nobody <=

Prev by Date: [Gnuheter-dev] XSS-fel i article.php
Next by Date: [Gnuheter-dev] [Bug #3083] top.php ordval
Previous by thread: [Gnuheter-dev] XSS-fel i article.php
Next by thread: [Gnuheter-dev] [Bug #3083] top.php ordval
Index(es):
- Date
- Thread