summaryrefslogtreecommitdiff
path: root/lib/scripts
diff options
context:
space:
mode:
authorAndreas Gohr <andi@splitbrain.org>2015-03-18 22:16:34 +0100
committerAndreas Gohr <andi@splitbrain.org>2015-03-18 22:16:34 +0100
commitf23f95941a400702f525923973f3612df6da82cb (patch)
tree87b3a6d2acbd96a32711f86470d69cc53cbd64ec /lib/scripts
parent6abea1c0be56a2cb5575c8921c3e6661ed565697 (diff)
downloadrpg-f23f95941a400702f525923973f3612df6da82cb.tar.gz
rpg-f23f95941a400702f525923973f3612df6da82cb.tar.bz2
SECURITY escape user properties in user manager #1081
The user properties (login, real name, etc) where not properly escaped in the user manager's edit form. This allowed a XSS attack on the superuser by registered users. Thanks to Filippo Cavallarin from www.segment.technology for discovering this bug.
Diffstat (limited to 'lib/scripts')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-10 22:13:35 +0000