Openfire (ARCHIVED)

Additional cross-site scripting bugs in login

Details

  • Type: Bug
  • Status: Closed
  • Priority: Blocker
  • Resolution: Fixed
  • Affects Version/s: 2.6.0
  • Fix Version/s: 3.6.0
  • Component/s: Admin Console
  • Acceptance Test - Add?: No
  • Description:

    Additional cross-site scripting attacks possible in the login form.

Activity

LG added a comment - 05/21/08 09:45 PM

Hi,

I really wonder why it takes so long to resolve this issue. Just ignoring the parsed parameters (everything behind the ?) would be fine to fix this issue.
Of course one would no longer be able to access URLs directly and to set the username, but that's how other applications solve this issue.

LG

Daniel Henninger added a comment - 05/22/08 03:21 AM

Patience =) I aim to fix these and some other assorted issues for 3.5.2!


Dates

  • Created: 04/07/06 08:38 PM
  • Updated: 11/12/08 09:41 AM
  • Resolved: 08/25/08 06:48 PM