Issue 2551035: XSS on 404 page - Roundup tracker

classification

Title:	XSS on 404 page
Type:	security	Severity:	major
Components:	Web interface	Versions:	1.6

process

Status:	fixed	Resolution:	fixed
Dependencies		Superseder:
Assigned To:	rouilj	Nosy List:	mdk, rouilj
Priority:	high	Keywords:	patch

Created on 2019-03-22 18:46 by mdk, last changed 2019-03-22 22:28 by rouilj.

Messages
msg6417	Author: [hidden] (mdk)	Date: 2019-03-22 18:46
Hi, An XSS has been found and reported https://github.com/python/bugs.python.org/issues/34 I'm cross posting it here so you can fix it too :)
msg6418	Author: [hidden] (rouilj)	Date: 2019-03-22 22:28
applied patch from github. encoding the client.path with cgi.encode Applied on trunk and maint-1.6 braches. Thanks for opening the ticket here mdk.

History
Date	User	Action	Args
2019-03-22 22:28:04	rouilj	set	status: new -> fixed resolution: fixed assignee: rouilj keywords: + patch severity: normal -> major versions: + 1.6 nosy: + rouilj messages: + msg6418 priority: high components: + Web interface type: security
2019-03-22 18:46:01	mdk	create