Issue tracker moved to https://gitlab.archlinux.org/archlinux/aurweb/-/issues
FS#45284 - XSS in Manage Co-maintainers Input
Attached to Project: AUR web interface
Opened by Emanuel Duss (mindfuckup) - Tuesday, 09 June 2015, 21:26 GMT
Last edited by Lukas Fleischer (lfleischer) - Wednesday, 10 June 2015, 06:57 GMT
Details
It's possible to insert HTML and JavaScript code in the textbox where I can add Co-maintainers.
I think it's not critical, because the token must be sent on every request.
Closed by Lukas Fleischer (lfleischer)
Wednesday, 10 June 2015, 06:57 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 4.0.0-rc4.