Details
-
Bug
-
Resolution: Done
-
P0: Blocker
-
None
-
None
-
None
-
Firefox
Description
The DevNet website is vulnerable to XSS attacks - as I can insert arbitrary tags using < and > - these are not escaped properly. Every "&" should be replaced by "&" in user input to fix this issue.
Demonstration:
http://developer.qt.nokia.com/forums/viewthread/2089/
I'm setting priority to "Blocker", as this is a real serious issue.