
XSS vulnerability? Bug?

5 years 11 months ago #4001 by sakattack
Replied by sakattack on topic XSS vulnerability? Bug?
I cannot use getVar because the var can be anything at all.

As for the demo site, can't you see the TEST" /> beside the sorteer op dropdown? Text has been inserted in the page. I know it's not html but still...



    5 years 11 months ago #4002 by bram
    Replied by bram on topic XSS vulnerability? Bug?
    getVar is supposed to get any value, sanitized.

    Sure you can see the 'TEST" >' on the page but it is not html anymore so it can't be used for XSS


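The difference discussed above between reflected text that is merely visible and reflected text that is still markup, as an added example that is not part of the thread or of the component's code. It assumes the value is reflected into an HTML attribute; the function names and the `sort` field are hypothetical.

```php
<?php
// Added illustration, not code from the component or from Joomla.
// renderRaw/renderEncoded/inspect and the "sort" field are hypothetical names.

function renderRaw(string $value): string
{
    // Reflected unchanged: a double quote in $value closes the attribute early.
    return '<input type="hidden" name="sort" value="' . $value . '" />';
}

function renderEncoded(string $value): string
{
    // ENT_QUOTES encodes " and ' as well as < > &, so the value stays inside the attribute.
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="sort" value="' . $safe . '" />';
}

// Parse the markup with an HTML parser and report what the attribute really
// holds and which characters ended up as page text outside the element.
function inspect(string $html): array
{
    libxml_use_internal_errors(true);   // tolerate tag-soup input without warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    $wrap  = $doc->getElementsByTagName('div')->item(0);
    return [
        'value_attribute' => $input->getAttribute('value'),
        'leaked_text'     => trim($wrap->textContent),
    ];
}

$sample = 'TEST" />';   // the string quoted in the thread

foreach (['raw' => renderRaw($sample), 'encoded' => renderEncoded($sample)] as $label => $html) {
    echo $label, ': ', $html, PHP_EOL;
    var_export(inspect($html));
    echo PHP_EOL;
}
```

In the raw case the parser ends the attribute at the injected quote and the remainder becomes page content; in the encoded case the whole string is the attribute value. This encoding is only correct for HTML text and attribute contexts, so a value reflected into a script block or a URL needs the encoder for that context instead.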