Bug #2042

Security Problem - root_doc computation

Added by tsmr about 4 years ago. Updated about 4 years ago.

Status: Closed
Start date: 02/18/2010
Priority: Normal
Due date:
Assignee: moyo
% Done: 0%
Category: Framework
Target version: 0.72.4

Description

Nikto report

OSVDB-0: GET //index.php/\"><script><script>alert(document.cookie)</script>< : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.

Example:

http://demo.glpi-project.org/index.php/%5C%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


Related issues

related to GLPI-PROJECT - Bug #2043: Security : clean $_SERVER['PHP_SELF'] REQUEST_URI... Closed 02/18/2010

History

Updated by moyo about 4 years ago

  • Status changed from New to Closed
  • Assignee set to moyo
  • Target version changed from 0.78 to 0.72.4

Updated by moyo about 4 years ago

  • Tracker changed from Task to Bug
