XSS Vulnerability? At least I was told so

Report bugs found in Poker Mavens

Post by mantux5 » Mon Jun 08, 2015 6:17 am

If you type something like <script>alert(1)</script> into the Player Search box, the alert pops up. I do not know if this is a possible XSS vulnerability or not; either way, I think this should be solved somehow.
mantux5
 
Posts: 70
Joined: Fri Apr 03, 2015 1:33 pm

Re: XSS Vulnerability? At least I was told so

Post by Kent Briggs » Mon Jun 08, 2015 9:16 am

mantux5 wrote: If you type something like <script>alert(1)</script> into the Player Search box, the alert pops up. I do not know if this is a possible XSS vulnerability or not; either way, I think this should be solved somehow.


I've filtered all the relevant inputs for XSS. The only thing you could do with that player search box is XSS yourself since it's only displayed to yourself and not linkable from elsewhere.
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
Kent Briggs
Site Admin
 
Posts: 3788
Joined: Wed Mar 19, 2008 8:47 pm

Re: XSS Vulnerability? At least I was told so

Post by Kent Briggs » Fri Jun 12, 2015 3:27 pm

This is now fixed in 4.40
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
Kent Briggs
Site Admin
 
Posts: 3788
Joined: Wed Mar 19, 2008 8:47 pm
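
Added example, not part of the thread and not Poker Mavens code: a search term echoed into markup unchanged, next to the same output with the term encoded, checked against the string from the report. The thread does not say how 4.40 fixed the issue; the function names and page layout below are hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not from Poker Mavens.

// The five characters that can change how surrounding HTML is parsed.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": the search term is concatenated into the page as typed, so any
// tags it contains become part of the document.
function renderSearchUnsafe(term, matches) {
  const items = matches.map((name) => `<li>${name}</li>`).join("");
  return `<p>Results for ${term}: ${matches.length}</p>` +
    `<input name="search" value="${term}"><ul>${items}</ul>`;
}

// "After": the term is encoded at output time, both in the text node and in
// the quoted attribute value. Player names are user-chosen, so they are
// encoded as well.
function renderSearchSafe(term, matches) {
  const safeTerm = escapeHtml(term);
  const items = matches.map((name) => `<li>${escapeHtml(name)}</li>`).join("");
  return `<p>Results for ${safeTerm}: ${matches.length}</p>` +
    `<input name="search" value="${safeTerm}"><ul>${items}</ul>`;
}

// Regression check: does a term containing markup characters reach the
// output byte-for-byte?
function echoesRawMarkup(render, term) {
  return /[&<>"']/.test(term) && render(term, []).includes(term);
}

// Constructed sample terms: the string from the report plus two ordinary
// names that happen to contain quote and ampersand characters.
const SAMPLE_TERMS = ["<script>alert(1)</script>", "O'Brien & co", 'Mike "The Shark"'];

for (const term of SAMPLE_TERMS) {
  console.log(JSON.stringify(term),
    "| unsafe echoes raw:", echoesRawMarkup(renderSearchUnsafe, term),
    "| safe echoes raw:", echoesRawMarkup(renderSearchSafe, term));
}
```

A check like `echoesRawMarkup` can be run against every field that is echoed back to the page, so the encoding does not silently regress in a later release.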

