mahovictim / rapla

Automatically exported from code.google.com/p/rapla

XSS Vulnerability #428

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. start rapla server on localhost
2. login as admin and export the standard calendar in html
3. browse
XSS: 
(Internal JS)
https://localhost:8051/rapla?page=calendar&user=admin&day=3&month=6&year=%3Cscript%3Ealert%28%22ReflektivesXSS%22%29%3C/script%3E%3Ctextarea%3E

What is the expected output? What do you see instead?
The alert script is executed. It should not be.

Original issue reported on code.google.com by christop...@gmail.com on 22 Jul 2014 at 9:07
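
One way to close this class of bug, as an added example that is not Rapla's code and not the fix from the revisions referenced in this issue: parse `day`, `month` and `year` as bounded integers and reject anything else, and HTML-escape any value that is echoed back. The class and method names are hypothetical, and the query map is a constructed sample holding the decoded parameters from the report's URL.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.OptionalInt;

public class CalendarParamCheck {
    // Strict parse: ASCII digits only, bounded length, then range-checked.
    static OptionalInt parseBounded(String raw, int min, int max) {
        if (raw == null || !raw.matches("[0-9]{1,4}")) {
            return OptionalInt.empty();
        }
        int value = Integer.parseInt(raw);
        return (value >= min && value <= max) ? OptionalInt.of(value) : OptionalInt.empty();
    }

    // Minimal HTML escaping for text that must be echoed (e.g. in an error message).
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the decoded query parameters from the report's URL.
        Map<String, String> query = new LinkedHashMap<>();
        query.put("day", "3");
        query.put("month", "6");
        query.put("year", "<script>alert(\"ReflektivesXSS\")</script><textarea>");

        OptionalInt day = parseBounded(query.get("day"), 1, 31);
        OptionalInt month = parseBounded(query.get("month"), 1, 12);
        OptionalInt year = parseBounded(query.get("year"), 1, 9999);

        if (day.isPresent() && month.isPresent() && year.isPresent()) {
            System.out.printf("render calendar for %04d-%02d-%02d%n",
                    year.getAsInt(), month.getAsInt(), day.getAsInt());
        } else {
            // Reject instead of reflecting; escape if the value is shown at all.
            System.out.println("400 Bad Request: invalid date parameter: "
                    + escapeHtml(query.get("year")));
        }
    }
}
```

Typed parsing removes the markup before it can reach the page at all; the escaping step covers any code path that still writes a raw parameter into HTML.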

GoogleCodeExporter commented 9 years ago
This issue was closed by revision 7647d23d83b6.

Original comment by christop...@gmail.com on 22 Jul 2014 at 9:08

GoogleCodeExporter commented 9 years ago

Original comment by christop...@gmail.com on 22 Jul 2014 at 9:50

GoogleCodeExporter commented 9 years ago
This issue was closed by revision f60a127f59c2.

Original comment by christop...@gmail.com on 8 Aug 2014 at 1:19

GoogleCodeExporter commented 9 years ago

Original comment by christop...@gmail.com on 8 Aug 2014 at 1:30