Opened 10 years ago
Last modified 9 years ago
#11999 closed defect
Several messages should be escaped in ticketlog.js — at Initial Version
| Reported by: | Jun Omae | Owned by: | Richard Liao |
|---|---|---|---|
| Priority: | normal | Component: | TracTicketChangelogPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.12 |
Description
I found XSS vulnerabilities in ticketlog.js.
result.msg_query_errin tracticketchangelogplugin/0.12/ticketlog/htdocs/ticketlog.js@14183:8#L5result.msg_tkt_rev_headin tracticketchangelogplugin/0.12/ticketlog/htdocs/ticketlog.js@14183:25#L21revision.authorandrevision.messagein tracticketchangelogplugin/0.12/ticketlog/htdocs/ticketlog.js@14183:43,44#L39
I'll post patch for that.
Note: See
TracTickets for help on using
tickets.
