[mythtv-commits] Ticket #5336: mythweb vulnerable to XSS
MythTV
mythtv at cvs.mythtv.org
Thu May 8 20:14:33 UTC 2008
#5336: mythweb vulnerable to XSS
-------------------------------------+--------------------------------------
Reporter: laga+mythtv at laga.ath.cx | Owner: ijr
Type: defect | Status: new
Priority: minor | Milestone: unknown
Component: mythtv | Version: unknown
Severity: medium | Mlocked: 0
-------------------------------------+--------------------------------------
Hi,
this bug was forwarded from
https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/214766
The search box in MythWeb doesn't sanitize input data properly. As pointed
out by jba6511, it's possible to inject code, e.g.
{{{<script>alert(document.cookie);</script>}}}
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/5336>
MythTV <http://www.mythtv.org/>
MythTV
More information about the mythtv-commits
mailing list