Ticket #4244 (closed Bug: fixed)
XSS in FCKeditor/trunk/_testcases/sampleposteddata.asp
| Reported by: | stonedyak | Owned by: | |
| Component: | Server : ASP | Version: | |
The sForm variable is outputted unescaped, allowing XSS. The versions of sampleposteddata.asp in the samples directory were updated a few weeks ago, but it looks like this one was missed.
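
The class of fix this ticket calls for, as an added example that is not FCKeditor's actual file: a classic ASP page that echoes posted form data with both the field name and every value passed through `Server.HTMLEncode`. Only the variable name `sForm` comes from the ticket; the loop, the `H` helper and the table layout are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
Response.Charset = "utf-8"

' Added example: H() is a hypothetical helper, not part of FCKeditor.
' It HTML-encodes untrusted text before it is written into element content.
Function H(ByVal s)
    H = Server.HTMLEncode(CStr(s & ""))   ' & "" turns Null/Empty into ""
End Function

Dim sForm, i   ' sForm (name taken from the ticket) holds each posted field NAME
%>
<!DOCTYPE html>
<html>
<head><title>Posted data</title></head>
<body>
<table border="1" cellspacing="0">
  <tr><th>Field name</th><th>Value</th></tr>
<%
' Field names arrive in the request body just like values, so the client
' controls both. Unsafe form of the first cell (the bug class reported):
'     Response.Write "<td>" & sForm & "</td>"
For Each sForm In Request.Form
    ' A name can be posted more than once; emit one row per value.
    For i = 1 To Request.Form(sForm).Count
        Response.Write "  <tr>" & vbCrLf
        Response.Write "    <td>" & H(sForm) & "</td>" & vbCrLf
        Response.Write "    <td><pre>" & H(Request.Form(sForm)(i)) & "</pre></td>" & vbCrLf
        Response.Write "  </tr>" & vbCrLf
    Next
Next
%>
</table>
</body>
</html>
```

Encoding the value column alone leaves the name column injectable, which is why both cells go through the same helper.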