Opened 16 years ago
Closed 16 years ago
#5336 closed defect (fixed)
mythweb vulnerable to XSS
Reported by: | Owned by: | Rob Smith | |
---|---|---|---|
Priority: | critical | Milestone: | unknown |
Component: | mythweb | Version: | unknown |
Severity: | high | Keywords: | |
Cc: | Ticket locked: | no |
Description
Hi,
this bug was forwarded from https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/214766
The search box in MythWeb doesn't sanitize input data properly. As pointed out by jba6511, it's possible to inject code, e.g. <script>alert(document.cookie);</script>
Change History (3)
Note: See
TracTickets for help on using
tickets.
Oops, wrong URL to launchpad. Here's a better one: https://bugs.launchpad.net/ubuntu/+source/mythplugins/+bug/220088
thanks stuarta :)