Ticket #4244 (closed Bug: fixed)

Opened 4 years ago

Last modified 4 years ago

XSS in FCKeditor/trunk/_testcases/sampleposteddata.asp

Reported by: stonedyak Owned by:
Priority: Normal Milestone: FCKeditor 2.6.5
Component: Server : ASP Version:
Keywords: Cc:

Description

The sForm variable is outputted unescaped, allowing XSS. The versions of sampleposteddata.asp in the samples directory were updated a few weeks ago, but it looks like this one was missed

Change History

comment:1 Changed 4 years ago by fredck

  • Milestone set to FCKeditor 2.6.5

comment:2 Changed 4 years ago by wwalc

  • Status changed from new to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy