Message 4079 - Roundup tracker

Author	benjamin
Recipients	benjamin
Date	2010-06-30.14:37:16
Message-id	<1277908637.63.0.510876901991.issue2550654@psf.upfronthosting.co.za>
In-reply-to

There's an XSS vulnerability in Roundup's handling of the template argument. An example URL 
would be

http://issues.roundup-tracker.org/issue?
@template=%3C/strong%3E%3Chtml%3E%3Chead%3E%3Cscript%3Ealert(%22Escape%20your%20st
rings%22)%3C/script%3E%3C/head%3E%3C/html%3E%3Cstrong%3E&status=1

This would allow JavaScript to access all cookies, make random changes to Roundup, etc.

History
Date	User	Action	Args
2010-06-30 14:37:17	benjamin	set	recipients: + benjamin
2010-06-30 14:37:17	benjamin	set	messageid: <1277908637.63.0.510876901991.issue2550654@psf.upfronthosting.co.za>
2010-06-30 14:37:17	benjamin	link	issue2550654 messages
2010-06-30 14:37:16	benjamin	create

Roundup Tracker - Issues

Message4079