
Key: OX-4802
Type: Sub-task
Status: Closed
Resolution: Duplicate
Priority: Major
Assignee: Matteo Beccati
Reporter: andrew.hill
Votes: 0
Watchers: 0
OpenX Ad Server
OX-4794

Issue Item #8

Created: 27/Jan/09 04:00 PM   Updated: 29/Jan/09 04:15 PM
Component/s: OXP: User Interface
Affects Version/s: OpenX 2.6.3, OpenX 2.7.28-beta
Fix Version/s: N/A, Milestone 27
Security Level: Public (All users can see these issues)

Time Tracking:
Not Specified

Issue Links:
Duplicate
 


Description
"Input passed to the "zoneid" parameter in "www/admin/zone-probability.php", "www/admin/zone-invocation.php", and "www/admin/zone-include.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site."

Matteo Beccati - 27/Jan/09 05:50 PM
2.6 needs backporting + double check
2.4 needs verification