mimtek / rutorrent

Automatically exported from code.google.com/p/rutorrent

Persistent XSS attack in label func #186

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When adding a label it is possible to inject HTML/JavaScript that will run
whenever a torrent is right clicked on again.

1. Right click on torrent 
2. New label
3. Enter: <script>alert("XSS");</script>
4. Save and right click on a torrent.

Rutorrent version 2.6 on Apache 2.2.9 running Debian Linux. 

Original issue reported on code.google.com by mothra13@gmail.com on 24 Nov 2009 at 4:32
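
The stored-label rendering path in the report above, shown as an added example that is not ruTorrent's code and not part of the original issue: a label menu built by string concatenation next to a version that encodes on output. The function names, the `data-label` attribute and the sample label list are assumptions made for illustration.

```javascript
// Added example: hypothetical label-menu renderer, not ruTorrent's own code.
// Labels are user-supplied and persisted, so every render is an output-encoding point.

// Constructed sample data; the second label is the value from the report.
const storedLabels = ['linux-isos', '<script>alert("XSS");</script>'];

// Vulnerable pattern: the stored label is concatenated into markup as-is.
function renderMenuUnsafe(labels) {
  return '<ul>' + labels.map(l => '<li>' + l + '</li>').join('') + '</ul>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at output time, in both text and attribute context.
function renderMenuSafe(labels) {
  return '<ul>' + labels
    .map(l => '<li data-label="' + escapeHtml(l) + '">' + escapeHtml(l) + '</li>')
    .join('') + '</ul>';
}

// Regression check: true if rendered markup contains any element other than ul/li.
function containsUnexpectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some(t => !['ul', 'li'].includes(t.replace(/[<\/]/g, '').toLowerCase()));
}

console.log(containsUnexpectedTag(renderMenuUnsafe(storedLabels))); // true
console.log(containsUnexpectedTag(renderMenuSafe(storedLabels)));   // false
```

Because the label is persisted, encoding only at input time leaves previously stored values exploitable; the check in `containsUnexpectedTag` is the kind of assertion that belongs in a regression test for every place the label is rendered.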

GoogleCodeExporter commented 9 years ago

Original comment by novik65 on 24 Nov 2009 at 8:54

GoogleCodeExporter commented 9 years ago
Fixed in r531.

Original comment by novik65 on 24 Nov 2009 at 9:16