If you report a bug please specify the joomla and component version.
XSS vulnerability? Bug?
7 years 11 months ago #4001
by sakattack
Replied by sakattack on topic XSS vulnerability? Bug?
I cannot use getVar because the var can be anything at all.
As for the demo site, can't you see the TEST" /> beside the sorteer op dropdown? Text has been inserted in the page. I know it's not HTML but still...
7 years 11 months ago #4002
by bram
Replied by bram on topic XSS vulnerability? Bug?
getVar is supposed to get any value, sanitized.
Sure, you can see the 'TEST" >' on the page, but it is not HTML anymore, so it can't be used for XSS.
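Added example, not part of the thread and not the component's code: a check of how a reflected value parses when it is written into an HTML attribute with and without output encoding. The field name `sort`, the markup and the sample value are assumptions, since the thread does not show the component's template.

```php
<?php
// Added illustration, not the component's code. The field name "sort", the
// markup and the sample value are constructed; the thread does not show the
// real template. Requires PHP's DOM extension.

/** Reflect a request value into an HTML attribute, with or without encoding. */
function render_field(string $value, bool $encode): string
{
    if ($encode) {
        // ENT_QUOTES encodes both " and ', so the value cannot end the attribute.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return '<form><input type="hidden" name="sort" value="' . $value . '" /></form>';
}

/** Parse the markup and report what stayed attribute data and what became page text. */
function inspect_field(string $html): array
{
    libxml_use_internal_errors(true);   // collect parser warnings instead of printing them
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $form  = $doc->getElementsByTagName('form')->item(0);
    $input = $doc->getElementsByTagName('input')->item(0);

    return [
        'value_attribute' => $input->getAttribute('value'),
        'text_on_page'    => trim($form->textContent),
    ];
}

$sample = 'x">TEST';   // constructed test value: only a quote and a bracket

foreach ([false, true] as $encode) {
    $html   = render_field($sample, $encode);
    $result = inspect_field($html);
    // True only when the parser hands back exactly what was submitted.
    $result['value_preserved'] = ($result['value_attribute'] === $sample);
    printf("encode=%s\n%s\n%s\n\n", var_export($encode, true), $html, var_export($result, true));
}
```

Comparing `value_attribute` with the submitted value is a quick regression check for a template: the value should come back unchanged and `text_on_page` should stay empty.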