Issue #601 has been reported by John Menerick.

----------------------------------------
Bug #601: Reflected XSS in sendsms.php
http://tools.lsc-project.org/issues/601

Author: John Menerick
Status: New
Priority: High
Assigned to:
Category: Self Service Password
Target version:

There is an XSS in sendsms.php. Lines 40, 48, and 51, the login request parameter is called and assigned to $login. Line 57 attempts to sanitize but fails to do so. Unfortunately, stripslashes does not prevent XSS. Line 231, builtin echo sends the output back to the browser.

_______________________________________________
ltb-dev mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-dev
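
The report's point that stripslashes does not stop markup from reaching the page, as an added example (not code from sendsms.php or the LTB project). The function names, the input field and the sample values are constructed, and the example assumes the login value is echoed into a quoted HTML attribute; it needs PHP's DOM extension.

```php
<?php
// Added illustration; not the code of sendsms.php. All names here are hypothetical.

// Constructed sample values for the "login" request parameter.
$samples = [
    'jdoe',
    '"><script>alert(1)</script>',   // markup that must stay data when echoed
];

// Pattern described in the report: stripslashes only removes backslashes,
// so quotes and angle brackets reach the page unchanged.
function render_unsafe(string $login): string
{
    $login = stripslashes($login);
    return '<input type="text" name="login" value="' . $login . '" />';
}

// Output encoding for HTML text and quoted attributes, applied at the echo.
function render_encoded(string $login): string
{
    $login = htmlspecialchars($login, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="login" value="' . $login . '" />';
}

// Parse the output the way a browser would and check that the submitted
// value is still only the content of the value attribute.
function stays_data(string $html, string $login): bool
{
    libxml_use_internal_errors(true);   // fragment without doctype: silence notices
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $inputs  = $doc->getElementsByTagName('input');
    $scripts = $doc->getElementsByTagName('script');

    return $inputs->length === 1
        && $scripts->length === 0
        && $inputs->item(0)->getAttribute('value') === $login;
}

foreach ($samples as $login) {
    printf(
        "%-30s stripslashes: %-7s htmlspecialchars: %s\n",
        $login,
        stays_data(render_unsafe($login), $login) ? 'data' : 'MARKUP',
        stays_data(render_encoded($login), $login) ? 'data' : 'MARKUP'
    );
}
```

The encoding belongs at the point of output (the echo the report cites at line 231), because the correct escaping depends on the HTML context the value lands in.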
