Roundup Tracker - Issues

Issue 2551035

classification
Title: XSS on 404 page
Type: security Severity: major
Components: Web interface Versions: 1.6
process
Status: fixed Resolution: fixed
Dependencies: Superseder:
Assigned To: rouilj Nosy List: mdk, rouilj
Priority: high Keywords: patch

Created on 2019-03-22 18:46 by mdk, last changed 2019-03-22 22:28 by rouilj.

Messages
msg6417 Author: [hidden] (mdk) Date: 2019-03-22 18:46
Hi,

An XSS has been found and reported at
https://github.com/python/bugs.python.org/issues/34
I'm cross-posting it here so you can fix it too :)
msg6418 Author: [hidden] (rouilj) Date: 2019-03-22 22:28
Applied patch from GitHub, encoding the client.path with cgi.encode.

Applied on trunk and maint-1.6 branches.

Thanks for opening the ticket here mdk.
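
An added illustration of the class of fix described in msg6418, not Roundup's code or the applied patch: a 404 page that reflects the request path, before and after HTML-escaping it. The template, the function names and the sample path are hypothetical, and Python 3's `html.escape` is assumed as the escaping function.

```python
import html
from urllib.parse import unquote

# Hypothetical template; Roundup's real 404 markup is not shown on this page.
NOT_FOUND_TEMPLATE = "<html><body><h1>Not found</h1><p>{path}</p></body></html>"


def render_404_unescaped(raw_path):
    """'Before' behaviour: the decoded request path is reflected as-is."""
    return NOT_FOUND_TEMPLATE.format(path=unquote(raw_path))


def render_404_escaped(raw_path):
    """'After' behaviour: HTML-escape the path before it reaches the page."""
    # quote=True also escapes " and ', so the value stays inert in attributes.
    return NOT_FOUND_TEMPLATE.format(path=html.escape(unquote(raw_path), quote=True))


def reflects_markup(page, marker):
    """Regression check: True if the marker survives in the page as live markup."""
    return marker in page


# Constructed sample request path, percent-encoded as a browser would send it.
SAMPLE_PATH = "/issue%3Cscript%3Ealert(1)%3C/script%3E"
MARKER = "<script>"

if __name__ == "__main__":
    for render in (render_404_unescaped, render_404_escaped):
        page = render(SAMPLE_PATH)
        print(render.__name__, "reflects markup:", reflects_markup(page, MARKER))
```

A check like `reflects_markup` fits a regression test for the 404 handler on both patched branches, so a later template change cannot silently reintroduce the reflection.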
History
Date                 User    Action  Args
2019-03-22 22:28:04  rouilj  set     status: new -> fixed
                                     resolution: fixed
                                     assignee: rouilj
                                     keywords: + patch
                                     severity: normal -> major
                                     versions: + 1.6
                                     nosy: + rouilj
                                     messages: + msg6418
                                     priority: high
                                     components: + Web interface
                                     type: security
2019-03-22 18:46:01  mdk     create