View Issue Details

ID: 0000294
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2008-10-16 10:59
Reporter: tomas_liubinas
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Fixed in Version: 4.0.0.0 revision 13895

Summary: 0000294: XSS in guestbook

Description: It is possible to add html into guestbook. Even JS works.

Additional Information: This problem should be resolved over ->value ->rawvalue object properties rather than direct html filtering.

Tags: No tags attached.
Theme:
Browser: All
PHP Version: 5.2.6
Database Version: 5.0.33

Activities

There are no notes attached to this issue.
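
The approach suggested under Additional Information, sketched as an added example that is not OXID's code or part of this report: a hypothetical `GuestbookField` class gives templates an HTML-escaped `value` and keeps the submitted text in `rawValue`. The class name, the `renderGuestbook` helper, the sample entries and the choice of `htmlspecialchars` are assumptions.

```php
<?php
// Added illustration; GuestbookField is a hypothetical class, not OXID's implementation.
final class GuestbookField
{
    public $value;     // HTML-escaped, the form templates print
    public $rawValue;  // exactly as submitted, for storage and non-HTML output

    public function __construct($text)
    {
        $this->rawValue = (string) $text;
        // ENT_QUOTES also escapes ' and ", so value is safe inside quoted attributes.
        $this->value = htmlspecialchars($this->rawValue, ENT_QUOTES, 'UTF-8');
    }
}

// Renders guestbook entries using only the escaped property.
function renderGuestbook(array $fields)
{
    $html = "<ul class=\"guestbook\">\n";
    foreach ($fields as $field) {
        $html .= '  <li>' . $field->value . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample submissions.
$submitted = array(
    'Great shop, fast delivery!',
    '<script>alert(1)</script>',
    'I <3 this shop & its "deals"',
);

$fields = array_map(function ($text) { return new GuestbookField($text); }, $submitted);
echo renderGuestbook($fields);

// Direct HTML filtering for comparison: strip_tags() reads "<3 this shop ..." as the
// start of a tag and discards it, so legitimate text is lost, while escaping keeps it.
echo strip_tags($submitted[2]), "\n";
echo $fields[2]->value, "\n";
```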