CUL-DigitalServices / avocet-ui

Open Academic Environment (OAE) Front-End
http://www.oaeproject.org
Educational Community License v2.0

Security issue with form #324

Closed micheleidesmith closed 10 years ago

micheleidesmith commented 10 years ago

One of the title / dept or comment inputs is not sanitised

Attack vectors: index.php?name=guest

and https://www.evernote.com/shard/s6/sh/68063137-997e-4b62-9723-ed3ee5e36141/4bca2a510c786a697b90b9b2bd43b946

timdegroote commented 10 years ago

Fixed in https://github.com/CUL-DigitalServices/avocet-ui/pull/314

timdegroote commented 10 years ago

Closing as this is fixed.