XSS (Cross-site Scripting) allows an attacker to execute a dynamic script in the context of the application. #10
Comments
|
From bento.vi...@gmail.com on April 20, 2010 14:49:50 Thanks for the report. Already fixed it and release a new version. Best Regards, |
This was referenced Jan 18, 2013
Open
Closed
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original author: dermi...@gmail.com (April 20, 2010 05:39:28)
What steps will reproduce the problem?
http://10.0.0.6/some_web/search/index/index/orderContractSearch/contract_status_ASC?'"--><script>alert(0x000324)</script>
What is the expected output? What do you see instead?
No js gets executed - output/input should be sanitised.
Please insert the appropriate values;
Zend Framework version: 1.10.2
ZFDatgrid Version (Bvb_Grid::getVersion()): 0.6
Operating system: linux
PHP Version: 5.2
Database Server and version:
Source Adatapter:
Please provide any additional information below.
I was testing our application by Netsparker (Community Edition) and this
XSS was identified.
Original issue: http://code.google.com/p/zfdatagrid/issues/detail?id=256
The text was updated successfully, but these errors were encountered: