[JM-629] Additional cross-site scripting bugs in login
Created: 08/Apr/06 | Updated: 12/Nov/08 | Resolved: 25/Aug/08 |
Status: | Closed |
Project: | Openfire (ARCHIVED) |
Components: | Admin Console |
Affects versions: | 2.6.0 |
Fix versions: | 3.6.0 |
Type: | Bug | Priority: | Blocker |
Reporter: | MattM | Assignee: | Daniel Henninger |
Resolution: | Fixed | Votes: | 7 |
Labels: | None |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original estimate: | Not Specified |
Issue links: |
Description |
Additional cross-site scripting attacks possible in the login form. |
Comments |
Comment by LG [ 22/May/08 ] |
Hi, I really wonder why it takes so long to resolve this issue. Just ignoring the parsed parameters (everything behind the ?) would be fine to fix this issue. LG |
Comment by Daniel Henninger [ 22/May/08 ] |
Patience =) I aim to fix these and some other assorted issues for 3.5.2! |
Comment by Daniel Henninger [ 17/Jul/08 ] |
A trivial demo of this: |