View Issue Details

ID: 0002222
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2010-12-13 13:21
Reporter: dainius.bigelis
Assigned To:
Priority: urgent
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 4.4.4 revision 30554
Fixed in Version: 4.4.5 revision 31315
Summary: 0002222: Improper handling of quotes in eShop input field
Description: By specially crafted JavaScript code, inserted in particular input fields in OXID eShop frontend, it's possible to execute unauthorized JavaScript code in eShop admin area.
Tags: No tags attached.
Theme:
Browser: All
PHP Version: any
Database Version: any

Relationships

related to 0002206 (resolved, alfonsas_cirtautas): Improper reading of Tags from DB

Activities

There are no notes attached to this issue.