[STR-3191] Sufficently filter HTML tag attribute names and values - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.2.9, 1.3.10
Fix Version/s: 1.4.0
Component/s: Tag Libraries
Labels:
None

Description

Allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to insufficient quoting of parameters.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

STR-3191-patch.txt
27/Jul/09 03:23
8 kB
Paul Benedict

Activity

People

Assignee:: Paul Benedict

Reporter:: Paul Benedict

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Jul/09 02:31

Updated:: 26/Dec/09 00:49

Resolved:: 16/Sep/09 09:45