Issue #601 has been updated by Clément OUDOT.

Status changed from New to Assigned
Assigned to set to Clément OUDOT
Target version set to self-service-password-?


----------------------------------------
Bug #601: Reflected XSS in sendsms.php
http://tools.lsc-project.org/issues/601

Author: John Menerick
Status: Assigned
Priority: High
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?


There is an XSS in sendsms.php.

On lines 40, 48, and 51, the login request parameter is called and assigned to
$login. Line 57 attempts to sanitize it but fails to do so. Unfortunately,
stripslashes does not prevent XSS. On line 231, the builtin echo sends the output
back to the browser.


_______________________________________________
ltb-dev mailing list
http://lists.ltb-project.org/listinfo/ltb-dev
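
The pattern the report describes (request parameter, stripslashes, echo), next to an output-encoded form, as an added example that is not the project's sendsms.php. The function names, the input-field template and the sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration; names, template and sample inputs are constructed.

function render_unsafe(string $login): string
{
    // stripslashes() only removes backslashes; <, > and " pass through as-is.
    $login = stripslashes($login);
    return '<input type="text" name="login" value="' . $login . '" />';
}

function render_safe(string $login): string
{
    // Encode for the HTML context at output time; ENT_QUOTES covers ' and ".
    $login = htmlspecialchars($login, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="login" value="' . $login . '" />';
}

// Regression check: parse the fragment and count elements other than the
// single <input> the template is supposed to produce.
function injected_elements(string $html): int
{
    libxml_use_internal_errors(true);   // tolerate malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);
    return $root->getElementsByTagName('*')->length - 1;
}

// Constructed sample values for the login parameter.
$samples = [
    'jdoe',                  // ordinary login
    "O\\'Brien",             // escaped quote: the case stripslashes() is meant for
    'x"><b>injected</b>',    // markup that closes the attribute and adds an element
];

foreach ($samples as $login) {
    printf(
        "%-22s unsafe: %d extra element(s)   safe: %d extra element(s)\n",
        $login,
        injected_elements(render_unsafe($login)),
        injected_elements(render_safe($login))
    );
}
```

Only the third sample yields an extra element, and only through render_unsafe; the same check can be run as a regression test against the fixed page.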
