View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0002048OXID eShop (all versions)4.04. Securitypublic2010-08-17 16:162010-08-24 11:31
Reportersarunas_valaskevicius Assigned To 
PriorityimmediateSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Target Version4.4.2 revision 29492Fixed in Version4.4.2 revision 29492 
Summary0002048: xss in admin login page
Descriptionon user login error or cookies error exception thrown, entered (GET or POST) user and passwd are outputed unescaped. The problem in admin/login.php checklogin()

For more details check the security bulletin:
http://wiki.oxidforge.org/Security_bulletins/2010-003
TagsNo tags attached.
Theme
BrowserAll
PHP Versionany
Database Versionany

Activities

There are no notes attached to this issue.