If you report a bug, please specify the Joomla and component version.

XSS vulnerability? Bug?

7 years 11 months ago #4001 by sakattack
Replied by sakattack on topic XSS vulnerability? Bug?
I cannot use getVar because the var can be anything at all.

As for the demo site, can't you see the TEST" /> beside the sorteer op dropdown? Text has been inserted in the page. I know it's not HTML but still...


7 years 11 months ago #4002 by bram
Replied by bram on topic XSS vulnerability? Bug?
getVar is supposed to get any value, sanitized.

Sure, you can see the 'TEST" >' on the page, but it is not HTML anymore, so it can't be used for XSS.
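The distinction discussed in this thread (a probe string that is visible on the page versus one that changes the markup) can be checked mechanically. The following is an added example, not code from the thread or from the component; the `<input>` template, the `name="q"` attribute, and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

PROBE = 'TEST" />'  # the string mentioned in the thread


def render_raw(value):
    # Assumed template: the value is reflected into an attribute with no encoding.
    return '<input type="text" name="q" value="' + value + '" />'


def render_encoded(value):
    # Same assumed template, with HTML entity encoding applied on output.
    return '<input type="text" name="q" value="' + escape(value, quote=True) + '" />'


class _Collector(HTMLParser):
    """Records every parsed tag's attributes and all text nodes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def classify_reflection(html, probe):
    """Report where the probe ended up after the page is parsed as HTML."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    for _tag, attrs in collector.tags:
        # The probe survived whole inside one attribute value: it is data.
        if any(value and probe in value for value in attrs.values()):
            return "inert-attribute"
    # The probe survived whole as visible text: it is data.
    if probe in "".join(collector.text):
        return "inert-text"
    # The probe was split by the parser, so it changed the page structure.
    return "markup-altered"


if __name__ == "__main__":
    print(classify_reflection(render_raw(PROBE), PROBE))
    print(classify_reflection(render_encoded(PROBE), PROBE))
    print(classify_reflection("<span>" + escape(PROBE) + "</span>", PROBE))
```

A result of `inert-text` or `inert-attribute` matches the situation described above, where the string is displayed but no longer parsed as HTML.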
