| /dokuwiki/inc/ |
| html.php | ff71173477e54774b5571015d49d944f51cb8a26 Thu Apr 19 09:26:46 UTC 2012 Andreas Gohr <gohr@cosmocode.de> escape target error message (SECURITY) FS#2487 FS#2488
The error message when a non-existent editor was tried to load wasn't escaped correctly, allowing to introduce arbitrary JavaScript to the output, leading to an XSS vulnerability.
Note: the reported second XCRF vulnerability is the same bug, the exploit code simply uses JavaScript to extract a valid CSRF token from the site.
|