[jira] [Updated] (VCL-808) vcld allows user values that contain HTML which is not cleaned on web interface

Andy Kurth (JIRA) Wed, 20 Jul 2016 11:02:57 -0700

     [ 
https://issues.apache.org/jira/browse/VCL-808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andy Kurth updated VCL-808:
---------------------------
    Fix Version/s: 2.5

> vcld allows user values that contain HTML which is not cleaned on web 
> interface
> -------------------------------------------------------------------------------
>
>                 Key: VCL-808
>                 URL: https://issues.apache.org/jira/browse/VCL-808
>             Project: VCL
>          Issue Type: Improvement
>          Components: vcld (backend)
>    Affects Versions: 2.3.2
>            Reporter: Karl Vollmer
>             Fix For: 2.5
>
>
> put in HTML/Javascript for a users first name, it makes it into the database 
> and is displayed and executed on the web interface
> Example: ./vcld -setup 
> Add user with a firstname of "<b>Bol</b>"
> Lookup the user on the web interface



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (VCL-808) vcld allows user values that contain HTML which is not cleaned on web interface

Reply via email to