XSS Vulnerability? At least I was told so

Posted: Mon Jun 08, 2015 6:17 am
by mantux5
If you type something like <script>alert(1)</script> into the Player Search box, the alert pops up. I do not know if this is a possible XSS vulnerability or not; either way, I think this should be solved somehow.

Re: XSS Vulnerability? At least I was told so

Posted: Mon Jun 08, 2015 9:16 am
by Kent Briggs
mantux5 wrote: If you type something like <script>alert(1)</script> into the Player Search box, the alert pops up. I do not know if this is a possible XSS vulnerability or not; either way, I think this should be solved somehow.
I've filtered all the relevant inputs for XSS. The only thing you could do with that player search box is XSS yourself since it's only displayed to yourself and not linkable from elsewhere.

Re: XSS Vulnerability? At least I was told so

Posted: Fri Jun 12, 2015 3:27 pm
by Kent Briggs
This is now fixed in 4.40.