Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0003962Openbravo ERPC. Securitypublic2008-06-13 10:022008-06-24 16:52
Reporterpjuvara 
Assigned Toiperdomo 
PriorityimmediateSeveritycriticalReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS20OS VersionUbuntu 7.10
Product Version2.35MP4 
Target VersionFixed in Version2.35MP6 
Merge Request Status
Review Assigned To
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0003962: Cross-site scripting vulnerability
DescriptionDetails not disclosed
Steps To Reproduce
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0003960pi closed iperdomo Cross-site scripting vulnerability 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2008-06-13 10:02pjuvaraNew Issue
2008-06-13 10:02pjuvaraAssigned To => iciordia
2008-06-13 10:02pjuvaraStatusnew => scheduled
2008-06-19 19:24iperdomoAssigned Toiciordia => iperdomo
2008-06-20 12:24svnbotCheckin
2008-06-20 12:24svnbotNote Added: 0007905
2008-06-20 12:24svnbotStatusscheduled => resolved
2008-06-20 12:24svnbotResolutionopen => fixed
2008-06-20 12:24svnbotsvn_revision => 5242
2008-06-23 23:26cromeroFixed in Version => 2.35MP6
2008-06-24 16:52plujanStatusresolved => closed

Notes
(0007905)
svnbot   
2008-06-20 12:24   
Repository: openbravo
Revision: 5242
Author: iperdomo
Date: 2008-06-20 12:24:51 +0200 (Fri, 20 Jun 2008)

Fixes bug 3962: Sanitized input parameters to prevent XSS

---
U branches/r2.3x/src-core/src/org/openbravo/base/VariablesBase.java
U branches/r2.3x/src-core/src/org/openbravo/utils/FormatUtilities.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=5242&sc=1 [^]