
Item13739: LoginName is not validated and presents XSS path.

Priority: Security
Current State: Closed
Released In: 2.0.2
Target Release: patch
Applies To: Engine
Component: LoginManager
Branches: master
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
This task addressed validation or encoding of the parameters used during registration and login.

  • Registration parameters are now all entity encoded. Previously there was some encoding done, but it was insufficient to block all XSS paths.
  • The XSS path during login was in the generation of an error message. That path is now blocked.

No further administrator action is needed.
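
The difference between partial and full entity encoding of a login name that is echoed back in an error message, as an added illustration that is not Foswiki's own code. The allow-list pattern, the function names and the HTML markup are all hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list for login names (an assumption, not Foswiki's rule).
my $LOGIN_RE = qr/\A[A-Za-z0-9_.-]{1,64}\z/;

# Partial encoding: only angle brackets are handled. Quotes and ampersands
# pass through, so a value placed in a quoted attribute can still close it.
sub encode_partial {
    my ($s) = @_;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

# Full entity encoding of every character that is significant in HTML text
# or inside a quoted attribute value.
my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

sub encode_entities_full {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $s;
}

# Build a login-failure message: validate the name against the allow-list,
# and entity-encode it before it reaches the page regardless of the result.
sub login_error_html {
    my ($login) = @_;
    my $shown = encode_entities_full($login);
    my $note  = $login =~ $LOGIN_RE ? '' : ' (not a valid login name)';
    return qq{<p class="error">Login failed$note. }
         . qq{<input name="username" value="$shown" /></p>};
}

# Constructed sample inputs: a normal name, an attribute breakout, and markup.
for my $login ( 'JoeUser', q{x" data-injected="1}, q{<b>x</b>&amp;} ) {
    printf "input:   %s\n", $login;
    printf "partial: <input name=\"username\" value=\"%s\" />\n",
        encode_partial($login);
    printf "full:    %s\n\n", login_error_html($login);
}
```

For the second input, the partially encoded output contains a new `data-injected` attribute, while the fully encoded output keeps the whole string inside `value`.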
Topic revision: r8 - 10 Oct 2015, GeorgeClark
