
XSS vulnerability? Bug?

4 years 1 week ago #4001 by sakattack

I cannot use getVar because the var can be anything at all.

As for the demo site, can't you see the TEST" /> beside the sorteer op dropdown? Text has been inserted in the page. I know it's not HTML but still...




4 years 1 week ago #4002 by bram

getVar is supposed to get any value, sanitized.

Sure, you can see the 'TEST" >' on the page, but it is not HTML anymore, so it can't be used for XSS.



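Added example (not from the thread, Joomla or the component): one way to check whether a reflected request value stays inside an input's `value` attribute or ends up on the page as text, comparing unescaped output with `htmlspecialchars`. The helper names, the `filter` field name and the submitted value are assumptions constructed for illustration.

```php
<?php
// Added example: not Joomla or component code. render_input() and parse_back()
// are hypothetical helpers; the submitted value below is constructed.

/** Build the input element, optionally escaping the value for a quoted attribute. */
function render_input(string $value, bool $escape): string
{
    if ($escape) {
        // ENT_QUOTES encodes " and ' as well as < > &, so the value cannot end the attribute.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return '<input type="text" name="filter" value="' . $value . '" />';
}

/** Parse the markup with an HTML parser and report where the value ended up. */
function parse_back(string $html): array
{
    libxml_use_internal_errors(true);   // tolerate tag soup without warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<body>' . $html . '</body>');
    $input = $doc->getElementsByTagName('input')->item(0);
    $body  = $doc->getElementsByTagName('body')->item(0);
    return [
        'attribute' => $input->getAttribute('value'),   // what the form field holds
        'page_text' => trim($body->textContent),        // text rendered outside the element
    ];
}

$submitted = '">TEST';   // constructed sample: a quote, a bracket and plain text, no markup

foreach ([false, true] as $escape) {
    $result = parse_back(render_input($submitted, $escape));
    printf(
        "escape=%s attribute=%s page_text=%s\n",
        var_export($escape, true),
        var_export($result['attribute'], true),
        var_export($result['page_text'], true)
    );
}
```

An empty `page_text` together with an `attribute` equal to the submitted value means the value was encoded for the attribute context; any leftover text beside the field means the closing quote was written out unencoded.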
