[ZendTo] Unauthenticated XSS

Jules Jules at Zend.To
Wed Nov 2 09:47:13 GMT 2016

Sorry I've only been able to pick this up now, but I've just fixed this one.

Once I've got the CentOS 7 packaging sorted out and the last bugs ironed 
out, I'll release a new version.

Any outstanding bug reports, please do let me know!


On 19/08/2016 15:06, Stewart Campbell wrote:
> HI all I don’t think this is much of a threat but I’m no expert on 
> these things… just trying to learn.
> In pickup.php while unauthenticated
> auth="><script>alert('XSS');</script>
> The auth variable in the displayPickupCheck function isn’t sanitized 
> like the others.
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto


Julian Field MEng MBCS CITP CEng

How to stop time: kiss.
How to travel in time: read.
How to escape time: music.
How to feel time: write.
How to release time: breathe.

Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20161102/c701c8dd/attachment.html 

More information about the ZendTo mailing list