[pLog-svn] xss in 1.2.7
Mark Wu
markplace at gmail.com
Sat May 3 09:42:06 EDT 2008
I don't think it is an XSS bug, it is the bug of article category
getSearchConditions().
It is already fixed in 6435.
Mark
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Saturday, May 03, 2008 9:33 PM
> To: plog at hugi.to; LifeType Developer List
> Subject: Re: [pLog-svn] xss in 1.2.7
>
> On Sat, 3 May 2008, Reto Hugi wrote:
> >> http://www.securityfocus.com/archive/1/491550
> >
> > I noticed that too, just a minute ago. Looks like we've got the same
> > Google Alert ;)
> :)
>
> > There are even more search fields around, that have no filter. But for
> > example admineditcommentsaction is filtering the searchTerms.
> >
> > Will you have time to fix it or shall I do it? (I'm away for today,
> > but could do it tomorrow).
> I think I probably shouldn't do lifetype stuff today, I
> have been ignoring most of my other work. I think what we
> really need is an exhaustive search through all parameters,
> rather than fixing them one at a time when someone else finds them.