View Issue Details

ID: 0002048
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2010-08-24 11:31
Reporter: sarunas_valaskevicius
Assigned To:
Priority: immediate
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Target Version: 4.4.2 revision 29492
Fixed in Version: 4.4.2 revision 29492
Summary: 0002048: xss in admin login page
Description: On user login error, or when a cookies error exception is thrown, the entered (GET or POST) user and passwd are output unescaped. The problem is in admin/login.php checklogin().

For more details check the security bulletin:
http://wiki.oxidforge.org/Security_bulletins/2010-003
Tags: No tags attached.
Theme:
Browser: All
PHP Version: any
Database Version: any

Activities

There are no notes attached to this issue.
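
The defect class described in this report, as an added PHP illustration (not OXID eShop code and not the project's actual fix): a login error page that echoes request values verbatim, next to a version that encodes on output. The function names and the `$request` array, which stands in for the merged GET/POST parameters, are hypothetical.

```php
<?php
// Added illustration; NOT OXID eShop source. All names here are hypothetical.

/** Encode a value for HTML text and quoted-attribute contexts. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "Before": on a failed login, user and passwd are written back verbatim. */
function renderLoginErrorUnsafe(array $request): string
{
    $user   = $request['user'] ?? '';
    $passwd = $request['passwd'] ?? '';
    return '<p class="error">Login failed</p>'
         . '<input type="text" name="user" value="' . $user . '">'
         . '<input type="password" name="passwd" value="' . $passwd . '">';
}

/** "After": user is encoded on output; the password is never echoed back. */
function renderLoginErrorSafe(array $request): string
{
    // A parameter sent as an array (user[]=...) is not a string; treat it as empty.
    $user = is_string($request['user'] ?? null) ? $request['user'] : '';
    return '<p class="error">Login failed</p>'
         . '<input type="text" name="user" value="' . esc($user) . '">'
         . '<input type="password" name="passwd" value="">';
}

// Constructed sample input: a value that closes the attribute and adds markup.
$request = ['user' => '"><b>injected</b>', 'passwd' => '"><i>injected</i>'];

// Unsafe output contains the markup as live HTML.
echo renderLoginErrorUnsafe($request), PHP_EOL;
// Safe output keeps the value inside the attribute as inert, encoded text.
echo renderLoginErrorSafe($request), PHP_EOL;
```

Encoding belongs at the point of output, so every template or exception path that prints the submitted values needs the same treatment.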