If you report a bug please specify the joomla and component version.

XSS vulnerability? Bug?

sakattack
Topic Author
Offline
Senior Member

7 years 11 months ago #4001 by sakattack

Replied by sakattack on topic XSS vulnerability? Bug?

I cannot use getVar because the var can be anything at all.

As for the demo site, can't you see the TEST" /> beside the sorteer op dropdown? Text has been insterted in the page. I know its not html but still...

Please Log in or Create an account to join the conversation.

bram
Offline
Moderator

7 years 11 months ago #4002 by bram

Replied by bram on topic XSS vulnerability? Bug?

getVar is supposed to get any value, sanitized.

Sure you can see the 'TEST" >' on the page but it is not html anymore so it can't be used for XSS

Please Log in or Create an account to join the conversation.

Time to create page: 0.144 seconds