#5180 - side_news_archive Adding, then clearing, select param triggers XSS vulnerability
-
By PDStig
- Added
- 9 views
| Identifier | #5180 |
|---|---|
| Issue type | Minor issue (breaks specific functionality) |
| Title | side_news_archive Adding, then clearing, select param triggers XSS vulnerability |
| Status | Completed |
| Handling member | Chris Graham |
| Addon | General / Uncategorised |
| Description | side_news_archive block:
If select is left blank initially, it works correctly. However, if an item is added (select2) and then everything is removed, the block will then trigger XSS vulnerability. I'm not sure why as I'm not immediately spotting any difference in the parameters sent in the request. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet