XSS Vulnerability? At least I was told so
XSS Vulnerability? At least I was told so
If you type something like <script>alert(1)</script> into the Player Search box, the alert pops-up. I do not know, if this is a possible XSS Vulnerability or not, eitherway, I think this should be solved somehow.
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: XSS Vulnerability? At least I was told so
I've filtered all the relevant inputs for XSS. The only thing you could do with that player search box is XSS yourself since it's only displayed to yourself and not linkable from elsewhere.mantux5 wrote:If you type something like <script>alert(1)</script> into the Player Search box, the alert pops-up. I do not know, if this is a possible XSS Vulnerability or not, eitherway, I think this should be solved somehow.
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: XSS Vulnerability? At least I was told so
This is now fixed in 4.40