

KnowledgeTree Community Edition

Cross site scripting checks

Details

  • Type: Bug
  • Status: Closed
  • Priority: Priority One: Immediate fix
  • Resolution: Fixed
  • Affects Version/s: STABLE 3.4.1
  • Fix Version/s: DEV 3.5
  • Component/s: None
  • Fix impact:
    DEV 3.5
  • Issue Source Release:
    DEV.3.5.2007-08-21-092201
  • Description:
    validate general entries against cross site scripting attacks

Activity

Fortunate Mashinini added a comment - 21/Aug/07 10:52 AM
I can't pass this issue because I can still add some JavaScript code for the following text_field instances:
1. Create a user and/or group using <script type="text/javascript">window.alert("Hello World!")</script>
2. Search for user/group using <script type="text/javascript">window.alert("Hello World!")</script>
3. Creating unit truncates script to <script type=
Conrad Vermeulen added a comment - 24/Aug/07 12:09 PM
The attack from administration is less likely.

The main problem is catering for the user only side of things.

The attack is more likely from a user wanting administrator privs...
Fortunate Mashinini added a comment - 17/Sep/07 10:50 AM
Issue clarified, can now be closed.
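
A regression check for the fields named in the first comment, as an added example that is not KnowledgeTree code or part of this ticket: it assumes PHP, and the rendering helpers and field names are hypothetical. It encodes each value at output time and reports whether the full test string or the truncated fragment produces any tag the template itself did not emit.

```php
<?php
declare(strict_types=1);

// Added example, not KnowledgeTree code: function and field names are hypothetical.

// Encode a value for HTML element content or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stored case: a user, group or unit name shown in a listing.
function renderNameCell(string $name): string
{
    return '<td>' . h($name) . '</td>';
}

// Reflected case: the search term echoed back into the search box.
function renderSearchBox(string $term): string
{
    return '<input type="text" name="search" value="' . h($term) . '">';
}

// Return the tag names in $html that the template itself is not expected to emit.
function unexpectedTags(string $html, array $allowed): array
{
    preg_match_all('~<\s*/?\s*([a-z][a-z0-9]*)~i', $html, $m);
    $found = array_map('strtolower', $m[1]);
    return array_values(array_diff(array_unique($found), $allowed));
}

// Inputs taken from the tester's comment: the full string and the truncated unit name.
$inputs = [
    'full payload'   => '<script type="text/javascript">window.alert("Hello World!")</script>',
    'truncated unit' => '<script type=',
];

foreach ($inputs as $label => $input) {
    $checks = [
        'name cell'  => unexpectedTags(renderNameCell($input), ['td']),
        'search box' => unexpectedTags(renderSearchBox($input), ['input']),
    ];
    foreach ($checks as $where => $extra) {
        $status = $extra === [] ? 'PASS' : 'FAIL (' . implode(', ', $extra) . ')';
        printf("%-15s %-11s %s\n", $label, $where, $status);
    }
}
```

The truncated unit name is included because a length limit alone leaves an unencoded `<` in the page; it still has to pass through the same output encoding as the other fields.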

Dates

  • Created: 10/Jul/07 11:02 AM
  • Updated: 17/Sep/07 10:50 AM
  • Resolved: 13/Jul/07 03:40 PM