[ZendTo] Unauthenticated XSS
Jules at Zend.To
Wed Nov 2 09:47:13 GMT 2016
Sorry I've only been able to pick this up now, but I've just fixed this one.
Once I've got the CentOS 7 packaging sorted out and the last bugs ironed
out, I'll release a new version.
Any outstanding bug reports, please do let me know!
On 19/08/2016 15:06, Stewart Campbell wrote:
> HI all I don’t think this is much of a threat but I’m no expert on
> these things… just trying to learn.
> In pickup.php while unauthenticated
> The auth variable in the displayPickupCheck function isn’t sanitized
> like the others.
> ZendTo mailing list
> ZendTo at zend.to
Julian Field MEng MBCS CITP CEng
How to stop time: kiss.
How to travel in time: read.
How to escape time: music.
How to feel time: write.
How to release time: breathe.
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ZendTo