#2336: possible security hole in default error handler
----------------------------------+-----------------------------------------
Reporter: diefans | Owner: mramm
Type: defect | Status: new
Priority: highest | Milestone: 2.0
Component: TurboGears | Version: 2.0
Severity: critical | Resolution:
Keywords: javascript injection |
----------------------------------+-----------------------------------------
Changes (by Chris Arndt):
* owner: => mramm
Comment:
This seems like a serious issue. Though to exploit it as an XSS attack the
attacker must be able to plant a forged URL on the victim.
--
Ticket URL: <http://trac.turbogears.org/ticket/2336#comment:4>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
-~----------~----~----~----~------~----~------~--~---
