Issue 142: Lack of user input filtering resulting in XSS
What steps will reproduce the problem?
1. post a jaiku with some javascript e.g. <script>alert()</script>
2. click on the presence link e.g. http://www.jaiku.com/channel/ohgod/presence/8c79c91a0c5e4ad49a4ebcfd44dafe4f
3. javascript is executed.

What is the expected output? What do you see instead?
Presence messages should be filtered to prevent cross site scripting attacks.

What version of the product are you using? On what operating system?
Using jaikuengine trunk and tested on jaiku.com

Please provide any additional information below.
Sep 2, 2009
Project Member
#1
jonasnoc...@gmail.com
Labels: -Priority-Medium Priority-Critical Security