[ZendTo] Unauthenticated XSS

Jules Jules at Zend.To
Wed Nov 2 09:47:13 GMT 2016


Sorry I've only been able to pick this up now, but I've just fixed this one.

Once I've got the CentOS 7 packaging sorted out and the last bugs ironed 
out, I'll release a new version.

Any outstanding bug reports, please do let me know!

Cheers,
Jules.


On 19/08/2016 15:06, Stewart Campbell wrote:
>
> Hi all, I don’t think this is much of a threat but I’m no expert on 
> these things… just trying to learn.
>
> In pickup.php while unauthenticated
>
> POST
>
> auth="><script>alert('XSS');</script>
>
> The auth variable in the displayPickupCheck function isn’t sanitized 
> like the others.
>
>
>

Jules

-- 
Julian Field MEng MBCS CITP CEng

How to stop time: kiss.
How to travel in time: read.
How to escape time: music.
How to feel time: write.
How to release time: breathe.

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
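
The class of bug reported above, shown next to its output-encoding fix, as an added example that is not part of the original messages and is not ZendTo's code. The function names and the hidden-field markup are assumptions; only the `auth` parameter and the posted value come from the report.

```php
<?php
declare(strict_types=1);

// Hypothetical renderers standing in for the pickup form; not ZendTo's code.

// Vulnerable shape: the request value is concatenated into an attribute as-is.
function renderAuthUnsafe(string $auth): string
{
    return '<form><input type="hidden" name="auth" value="' . $auth . '"></form>';
}

// Hardened shape: encode for the HTML attribute context at output time.
function renderAuthSafe(string $auth): string
{
    $encoded = htmlspecialchars($auth, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form><input type="hidden" name="auth" value="' . $encoded . '"></form>';
}

// Parse the rendered markup with an HTML parser and report what the value became.
function inspect(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate markup the parser warns about
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'scripts' => $doc->getElementsByTagName('script')->length,
        'value'   => $input ? $input->getAttribute('value') : null,
    ];
}

// Value from the report above, as it would arrive in $_POST['auth'].
$payload = '"><script>alert(\'XSS\');</script>';

$unsafe = inspect(renderAuthUnsafe($payload));
$safe   = inspect(renderAuthSafe($payload));

printf("unsafe: %d script element(s), value=%s\n", $unsafe['scripts'], var_export($unsafe['value'], true));
printf("safe:   %d script element(s), value=%s\n", $safe['scripts'], var_export($safe['value'], true));

// Regression check: encoding must keep the data intact and create no new elements.
if ($safe['scripts'] !== 0 || $safe['value'] !== $payload) {
    fwrite(STDERR, "auth is not encoded on output\n");
    exit(1);
}
```

The script needs PHP's DOM extension. It exits non-zero if the encoded rendering ever yields a script element or alters the submitted value, so it can serve as a regression check for this field.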
