Details

    • Affects Portal Version/s:
      6.2.x

      Description

      Steps to reproduce:
      1, Create an entry
      1A: URL: http://localhost/'"><img src=x onerror=alert(/url/)>
      1B, Open Browser JS Console and enter: _84_type.selectedOptions[0].value="\'\"><img src=x onerror=alert(/type/)>"
      1C, Specify some title & content
      1D, Save
      2, Display the entry

      Expected behaviour - no pop-ups
      Actual behaviour - two pop-ups appear (url and type)

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 28 weeks ago

                Subcomponents