View Revisions: Issue #12034
Summary | 0012034: Cross-site Scripting in the generated xxx_Relation.html files
Revision | 2011-11-22 18:29 by shuehner
Description | The value of inpParamSessionDate is not validated/escaped to prevent malicious code from being executed in the browser. The same field is present in all the various xxx_Relation.html files, as they are generated at compile time based on a common template.
Example URLs where the issue can be reproduced:
/openbravo/Message/Message_Relation.html
/openbravo/Reference/Reference_Relation.html
/openbravo/SystemInfo/SystemInfo_Relation.html
/openbravo/User/User_Relation.html
/openbravo/Form/Form_Relation.html

Revision | 2011-11-22 18:29 by shuehner
Description | The value of inpParamSessionDate is not validated/escaped to prevent malicious code from being executed in the browser.
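
The missing validation and escaping described in this issue, shown as an added example that is not Openbravo's code or the fix applied for this issue: the parameter is accepted only if it parses as a date, and the result is HTML-escaped before it is written into the page. The date format, the hidden-input markup, and the class and method names are assumptions made for illustration.

```java
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.format.ResolverStyle;

public class SessionDateParam {
    // Assumed format; the issue does not state which date format the field uses.
    private static final DateTimeFormatter FORMAT =
        DateTimeFormatter.ofPattern("dd-MM-uuuu").withResolverStyle(ResolverStyle.STRICT);

    /** Returns the canonical date string, or "" when the input is not a valid date. */
    static String validate(String raw) {
        if (raw == null) return "";
        try {
            // Re-format the parsed value so only a canonical date is ever echoed back.
            return LocalDate.parse(raw.trim(), FORMAT).format(FORMAT);
        } catch (DateTimeParseException e) {
            return "";
        }
    }

    /** Escapes the characters that matter in HTML text and quoted attribute values. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Hypothetical template step: emits the field the way a generated page might. */
    static String renderField(String raw) {
        return "<input type=\"hidden\" name=\"inpParamSessionDate\" value=\""
            + escapeHtml(validate(raw)) + "\">";
    }

    public static void main(String[] args) {
        // Constructed inputs: one valid date, one carrying markup characters.
        System.out.println(renderField("22-11-2011"));
        System.out.println(renderField("22-11-2011\"><b>injected</b>"));
    }
}
```

Validation and escaping are applied together: the strict parse rejects anything that is not a date, and the escaping step still protects the output if the accepted format is later widened. Because the pages are generated from a common template, the change belongs in that template so every xxx_Relation.html picks it up.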