Dolibarr ERP & CRM » Bugs » bug #1525 XSS in several values of third card
Snapshot Details
Last Modified On: 2014-07-26 17:33
Submitted by: Marcos García (marcosgdf)
Submitted on: 2014-07-13 19:09
Summary: XSS in several values of third card
Description: XSS in several values of third card
Step to reproduce bug: Check screenshots.
Detected in version: 3.5.3
Category: Module: Thirdparties
Severity: 7
OS Type/Version:
PHP version:
Database type and version:

Status
Status: Closed
Assigned to: None
Resolution: Invalid

Comments
- Marcos García 2014-07-26 21:07
- Didn't check it so much. I thought that because there's no htmlentities used all over Dolibarr's pages, it would be a possibility of XSS injection, but now I see that it is prevented in main.inc.
- Laurent Destailleur 2014-07-26 17:33
- Can you provide more information?
What do you mean with XSS into some values of thirdparty? Screenshot just shows you edit value with d, so what's wrong?
Need more info → Closed
None → Invalid