Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed

      Description

      Steps to reproduce:

      1. Create a microblog and add a comment to it with the following XSS content:

      <script>alert("this is an xss test");</script>

      2. Now when browsing any page we'll see the alert pop-up, since the dockbar contains the notification for the new comment with its content unescaped.

      The content of the notifications must be escaped to prevent XSS attacks.
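      The fix stated above, as an added example (not Liferay's code and not part of the original report): a notification renderer that concatenates the comment as-is, beside one that escapes every user-controlled field at output. The class, the method names and the markup are hypothetical; in Liferay itself the portal kernel's HtmlUtil.escape serves this purpose, and a local helper is used here only so the example runs stand-alone.

```java
public class NotificationEscapeDemo {

    // Minimal HTML escaper for text placed in element content or a quoted attribute.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Behaviour described in the issue: the comment body goes into the markup unescaped.
    static String renderUnescaped(String author, String comment) {
        return "<li class=\"notification\"><b>" + author + "</b>: " + comment + "</li>";
    }

    // Hardened form: every user-controlled field is escaped at the point of output.
    static String renderEscaped(String author, String comment) {
        return "<li class=\"notification\"><b>" + escapeHtml(author) + "</b>: "
            + escapeHtml(comment) + "</li>";
    }

    public static void main(String[] args) {
        // Constructed sample input: the comment from the steps above, plus a benign one
        // that shows ordinary punctuation still displays correctly after escaping.
        String[] comments = {
            "<script>alert(\"this is an xss test\");</script>",
            "Tom & Jerry say \"hi\""
        };
        for (String c : comments) {
            System.out.println("unescaped: " + renderUnescaped("test user", c));
            System.out.println("escaped:   " + renderEscaped("test user", c));
        }
    }
}
```

      In the escaped output the comment reaches the browser as text (&lt;script&gt;...), so the dockbar shows it literally instead of running it.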

              Dates

              • Days since last comment:
                4 years, 36 weeks ago