#5236 - multi_content: XSS vulnerability when comcode_page is selected along with an undetermined other content
-
By PDStig
- Added
- 11 views
| Identifier | #5236 |
|---|---|
| Issue type | Minor issue (breaks specific functionality) |
| Title | multi_content: XSS vulnerability when comcode_page is selected along with an undetermined other content |
| Status | Open |
| Handling member | Chris Graham |
| Addon | General / Uncategorised |
| Description | Sometimes block_main_multi_content will throw XSS vulnerability. This happens when comcode_page content type is selected and some other content types are also selected which I cannot seem to determine.
Does not happen if comcode_page is not chosen or if comcode_page is the only item chosen. Also does not seem to happen if comcode_page and only one other content_type is chosen. Also works if every content type is selected. Very annoying / weird combinations trigger XSS. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments