Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P0: Blocker
Fix Version/s: None
Affects Version/s: None
Component/s: qt-project.org
Labels:
None
Environment:
Firefox

Description

The DevNet website is vulnerable to XSS attacks - as I can insert arbitrary tags using < and > - these are not escaped properly. Every "&" should be replaced by "&" in user input to fix this issue.

Demonstration:

http://developer.qt.nokia.com/forums/viewthread/2089/

I'm setting priority to "Blocker", as this is a real serious issue.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

qt-devnet-xss.png
57 kB
02 Dec '10 12:48

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: mariusg (Inactive)

Reporter:: Thomas Perl

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02 Dec '10 12:47

Updated:: 20 Sep '12 10:38

Resolved:: 02 Dec '10 13:31

Gerrit Reviews

There are no open Gerrit changes