We are migrating CKEditor issue tracking to GitHub. Please, use GitHub to report any new issues.

The former tracking system (this website) will still be available in the read-only mode. All issues reported in the past will still be available publicly and can be referenced.

Important: we decided not to transfer all the tickets to GitHub, as many of them are not reproducible anymore or simply no longer requested by the community.
If the issue you are interested in, can be still reproduced in the latest version of CKEditor, feel free to report it again on GitHub.
At the same time please note that issues reported on this website are still taken into consideration when picking up candidates for next milestones.

To report a new issue, go to https://github.com/ckeditor/ckeditor-dev/issues and follow the instructions in the issue template.

Context Navigation

← Previous Ticket
Next Ticket →

Opened 15 years ago

Closed 15 years ago

#4244 closed Bug (fixed)

XSS in FCKeditor/trunk/_testcases/sampleposteddata.asp

Reported by:	Paul Stone	Owned by:
Priority:	Normal	Milestone:	FCKeditor 2.6.5
Component:	Server : ASP	Version:
Keywords:		Cc:

Description

The sForm variable is outputted unescaped, allowing XSS. The versions of sampleposteddata.asp in the samples directory were updated a few weeks ago, but it looks like this one was missed

Change History (2)

comment:1 Changed 15 years ago by Frederico Caldeira Knabben

Milestone:	→ FCKeditor 2.6.5

comment:2 Changed 15 years ago by Wiktor Walc

Resolution:	→ fixed
Status:	new → closed

Note: See TracTickets for help on using tickets.

Download in other formats: