Issue Details

Key: OX-4795
Type: Sub-task
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Matteo Beccati
Reporter: andrew.hill
Votes: 0
Watchers: 0
OpenX Ad Server
OX-4794

Issue Item #1

Created: 27/Jan/09 03:56 PM   Updated: 30/Jan/09 05:14 PM
Component/s: OXP: User Interface
Affects Version/s: OpenX 2.4.9, OpenX 2.6.3, OpenX 2.7.28-beta
Fix Version/s: OpenX 2.4.10, OpenX 2.6.4, Milestone 27, OpenX 2.7.29-beta
Security Level: Public (All users can see these issues)

Time Tracking:
Original Estimate: 6h
Remaining Estimate: 0h
Time Spent: 6h

Issue Links:
Duplicate
 

Passed QA Version/s: OpenX 2.4.10, OpenX 2.6.4 and OpenX 2.7.29-beta


Description
"Input passed to the "clientid" parameter in "www/admin/banner-acl.php", "www/admin/banner-edit.php", "www/admin/campaign-zone.php", "www/admin/advertiser-campaigns.php", "www/admin/campaign-banners.php", and "www/admin/banner-activate.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site."

Matteo Beccati - 28/Jan/09 11:00 AM
Time Worked: 6h
<No comment>