Item13739 (10 Oct 2015, GeorgeClark)

Item13739: LoginName is not validated and presents XSS path.

Priority: Security
Current State: Closed
Released In: 2.0.2
Target Release: patch
Applies To: Engine
Component: LoginManager
Branches: master
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
This task addressed validation or encoding of the parameters used during registration and login.

  • Registration parameters are now all entity encoded. Previously there was some encoding done, but it was insufficient to block all XSS paths.
  • The XSS path during login was in the generation of an error message. That path is now blocked.

No further administrator action is needed.
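
The kind of change summarized above, sketched in Perl as an added illustration: a login name is validated, and anything echoed into an error message is entity encoded. This is not Foswiki's code; the function names, the allow-list pattern and the message text are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Entity-encode characters that can change the HTML context of echoed input.
sub entity_encode {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/([<>&"'%\x00-\x1f\x7f])/'&#' . ord($1) . ';'/ge;
    return $text;
}

# Hypothetical allow-list for login names (an assumption, not Foswiki's rule).
sub is_valid_login_name {
    my ($login) = @_;
    return defined $login && $login =~ /\A[A-Za-z0-9_.\@+-]{1,64}\z/ ? 1 : 0;
}

# Before: the submitted value is interpolated into the error message as-is,
# so any markup in it becomes part of the page.
sub login_error_unencoded {
    my ($login) = @_;
    return "<p class=\"error\">Unknown user: $login</p>";
}

# After: invalid names are never echoed, and valid ones are still encoded
# so the output stays safe even if the allow-list is later relaxed.
sub login_error_encoded {
    my ($login) = @_;
    return '<p class="error">Invalid login name.</p>'
      unless is_valid_login_name($login);
    return '<p class="error">Unknown user: ' . entity_encode($login) . '</p>';
}

# Constructed sample inputs: one ordinary name, one containing markup.
for my $login ( 'JoeUser', '<b>JoeUser</b>' ) {
    print "input:     $login\n";
    print "unencoded: ", login_error_unencoded($login), "\n";
    print "encoded:   ", login_error_encoded($login),   "\n";
    print "entities:  ", entity_encode($login),         "\n\n";
}
```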
Topic revision: r8 - 10 Oct 2015, GeorgeClark