Opened 6 years ago

Closed 6 years ago

#4244 closed Bug (fixed)

XSS in FCKeditor/trunk/_testcases/sampleposteddata.asp

Reported by: stonedyak
Owned by:
Priority: Normal
Milestone: FCKeditor 2.6.5
Component: Server : ASP
Version:
Keywords:
Cc:


The sForm variable is outputted unescaped, allowing XSS. The versions of sampleposteddata.asp in the samples directory were updated a few weeks ago, but it looks like this one was missed.
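
The class of bug reported above, as an added Classic ASP example that is not part of the ticket and not FCKeditor's own source. It assumes `sForm` is the loop variable holding each posted field name; the `EncodedValues` helper is hypothetical.

```asp
<%@ Language="VBScript" %>
<% Option Explicit %>
<%
' Added illustration, not the project's code.
' Assumption: sForm iterates over the names of the posted form fields.
Dim sForm

' Hypothetical helper: HTML-encode every value posted under one field name.
' A field can be posted more than once, so walk the collection by index.
Function EncodedValues(ByVal name)
    Dim i, out
    out = ""
    For i = 1 To Request.Form(name).Count
        If i > 1 Then out = out & "<br>"
        out = out & Server.HTMLEncode(Request.Form(name)(i))
    Next
    EncodedValues = out
End Function
%>
<table>
<%
For Each sForm In Request.Form
    Response.Write "<tr>"

    ' Unescaped pattern the ticket describes, kept as a comment only:
    '   Response.Write "<td>" & sForm & "</td>"
    ' The field name comes from the request body just like the value does,
    ' so it needs the same output encoding.
    Response.Write "<td>" & Server.HTMLEncode(sForm) & "</td>"

    Response.Write "<td>" & EncodedValues(sForm) & "</td>"
    Response.Write "</tr>"
Next
%>
</table>
```

`Server.HTMLEncode` is the right encoder for element content only; a value written into an attribute, URL or script block needs the encoding for that context.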

Change History (2)

comment:1 Changed 6 years ago by fredck

  • Milestone set to FCKeditor 2.6.5

comment:2 Changed 6 years ago by wwalc

  • Resolution set to fixed
  • Status changed from new to closed