Details

    • Story Points:
      2
    • Fix Priority:
      4

      Description

      1. add asset publisher to a page
      2. go to Configuration -> Setup
      3. go to Archive/Restore Setup
      4. save your setup as <script>alert("www.eo.pl");</script
        Effect: almost immediately you will see javascript error because HTML in that name was not escaped. This is security bug.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 31 weeks, 2 days ago