There are some cases in which the link on the flag of the current language does not escape HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
| Status | New | ⇒ | Pending |
| Category | ⇒ | Modules Front End |
and plz close-delete this :)
https://developer.joomla.org/security.html
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-06-18 16:50:02 |
| Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/20792
| Closed_Date | 2018-06-18 16:50:02 | ⇒ | 2018-06-18 16:50:04 |
| Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
closed as stated above, can't delete PR.
@joomla/security