Opened 15 years ago

Closed 14 years ago

#4244 closed Bug (fixed)

XSS in FCKeditor/trunk/_testcases/sampleposteddata.asp

Reported by: Paul Stone
Owned by:
Priority: Normal
Milestone: FCKeditor 2.6.5
Component: Server : ASP
Version:
Keywords:
Cc:


The sForm variable is outputted unescaped, allowing XSS. The versions of sampleposteddata.asp in the samples directory were updated a few weeks ago, but it looks like this one was missed.
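
Added illustration, not part of the ticket and not the actual contents of sampleposteddata.asp: a Classic ASP page that echoes posted form data, assuming sForm is the loop variable holding each posted field name. The commented-out line shows the unescaped output the ticket describes; the live lines encode both the name and the value with Server.HTMLEncode.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Constructed sketch of a "show what was posted" test page.
' Assumption: sForm iterates over the posted field NAMES. The client
' chooses those names, so they are as untrusted as the field values.
Dim sForm

Response.Write "<table border=""1"">" & vbCrLf
Response.Write "<tr><th>Field name</th><th>Value</th></tr>" & vbCrLf

For Each sForm In Request.Form
    ' Unescaped pattern (the defect class reported in the ticket):
    '   Response.Write "<td>" & sForm & "</td>"
    ' Markup characters in the field name would reach the page as HTML.

    ' Hardened pattern: encode the name as well as the value, so
    ' <, >, & and " are emitted as entities and rendered as text.
    Response.Write "<tr>"
    Response.Write "<td>" & Server.HTMLEncode(sForm) & "</td>"
    Response.Write "<td>" & Server.HTMLEncode(Request.Form(sForm)) & "</td>"
    Response.Write "</tr>" & vbCrLf
Next

Response.Write "</table>"
%>
```

Test pages like this are best left out of production deployments altogether, since anything under a _testcases directory is reachable by URL once it is copied to the web root.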

Change History (2)

comment:1 Changed 15 years ago by Frederico Caldeira Knabben

Milestone: FCKeditor 2.6.5

comment:2 Changed 14 years ago by Wiktor Walc

Resolution: fixed
Status: new → closed