Key: OX-3997
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Miguel Correa
Reporter: Lukasz Wikierski
Votes: 0
Watchers: 0

OpenX Ad Server

HTML injection into Delivery Limitations

Created: 04/Sep/08 11:51 AM   Updated: 17/Jul/09 10:45 AM
Component/s: OXP: User Interface
Affects Version/s: OpenX 2.4.8, OpenX 2.6.2, OpenX 2.7.16-dev, OpenX 2.7.27-beta
Fix Version/s: OpenX 2.4.9, OpenX 2.7.26-beta, Milestone 24, OpenX 2.6.3, Milestone 32, OpenX 2.8.2
Security Level: Public (All users can see these issues)

Time Tracking:
Original Estimate: 4h
Remaining Estimate: 2.75h
Time Spent: 1.25h

Passed QA Version/s: OpenX 2.6.3 and OpenX 2.8.2

Description
Create Banner and add Delivery limitation in Delivery Options tab (banner-acl.php).
Enter e.g.:
'> <iframe src="http://google.com" height="200"> </iframe> <div style='
into input fields

OpenX 2.6/2.7 plugins affected:
Site: Variable
Geo: Country / City
Geo: Latitude/Longitude

A similar problem is in 2.4, but there the single quote and quote ( ' " ) are escaped by a backslash ( \ ), so use this string to add an iframe:
'> <iframe src=http://google.com height=200> </iframe> <div
OpenX 2.4 plugins affected:
Geo: Country / City
Geo: Latitude/Longitude
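
Added example (not OpenX code and not part of the original report): a minimal PHP sketch of why backslash-escaping quotes, as described for 2.4, does not stop the injection, while encoding for the HTML attribute context does. The `render_*` helpers, the field name `data` and the single-quoted attribute are assumptions made for illustration; the two test strings are the ones from the report.

```php
<?php
// Hypothetical rendering helpers for illustration; not the OpenX implementation.

// Unsafe: the stored value is concatenated into the attribute as-is.
function render_unsafe(string $value): string {
    return "<input type='text' name='data' value='" . $value . "'>";
}

// Behaviour the report describes for 2.4: quotes get a backslash prefix.
// A backslash has no meaning to the HTML parser, so the quote still ends the attribute.
function render_backslash(string $value): string {
    return "<input type='text' name='data' value='" . addslashes($value) . "'>";
}

// Hardened: encode for the HTML attribute context, covering both quote types
// and the angle brackets, so the value can never leave the attribute.
function render_encoded(string $value): string {
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='data' value='" . $safe . "'>";
}

// True when the rendered markup still contains a literal iframe start tag.
function has_injected_iframe(string $html): bool {
    return strpos($html, '<iframe') !== false;
}

// The two strings from the report (quoted variant for 2.6/2.7, unquoted for 2.4).
$samples = [
    '2.6/2.7 string' => "'> <iframe src=\"http://google.com\" height=\"200\"> </iframe> <div style='",
    '2.4 string'     => "'> <iframe src=http://google.com height=200> </iframe> <div",
];

foreach ($samples as $label => $input) {
    foreach (['render_unsafe', 'render_backslash', 'render_encoded'] as $fn) {
        $html = $fn($input);
        printf(
            "%-15s %-17s iframe in markup: %s\n",
            $label,
            $fn,
            has_injected_iframe($html) ? 'yes' : 'no'
        );
    }
}
```

Encoding belongs at output time, where the value is written into the page, so the same stored limitation data stays safe wherever it is rendered.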
