Key: OX-4807
Type: Sub-task
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: andrew.hill
Reporter: andrew.hill
Votes: 0
Watchers: 0

OpenX Ad Server

Issue Item #13

Created: 27/Jan/09 04:01 PM   Updated: 30/Jan/09 02:33 PM
Component/s: OXP: User Interface
Affects Version/s: OpenX 2.6.3, OpenX 2.7.28-beta
Fix Version/s: OpenX 2.6.4, Milestone 27, OpenX 2.7.29-beta
Security Level: Public (All users can see these issues)

Time Tracking:
Original Estimate: 4h
Remaining Estimate: 3.23h
Time Spent: 0.77h

Passed QA Version/s: OpenX 2.6.4 and OpenX 2.7.29-beta

Description
"The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. perform script insertion attacks via the "timezone" parameter in www/admin/account-preferences-timezone.php by tricking the user into visiting a malicious web site."
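An added example, not OpenX code and not part of the original report: one way the two missing defences could look in PHP, with a per-session request token checked before the preference is saved and the `timezone` value matched against PHP's own list of timezone identifiers. The function names, the `token` form field and the in-memory `$session` array are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not taken from the OpenX code base.

function issue_csrf_token(array &$session): string
{
    // One unpredictable token per session, embedded in the form as a hidden field.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function save_timezone(array &$session, string $method, array $post): array
{
    // 1. State-changing requests are accepted over POST only.
    if ($method !== 'POST') {
        return [false, 'method not allowed'];
    }
    // 2. Validity check: the request must carry the session's token.
    //    A form hosted on another site cannot read it, so it cannot supply it.
    $sent     = $post['token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return [false, 'invalid request token'];
    }
    // 3. Allow-list: only identifiers PHP itself knows are stored, so markup
    //    can never reach the preferences table through this parameter.
    $tz = $post['timezone'] ?? '';
    if (!is_string($tz) || !in_array($tz, DateTimeZone::listIdentifiers(), true)) {
        return [false, 'unknown timezone'];
    }
    $session['timezone'] = $tz;
    return [true, $tz];
}

// Constructed requests (sample data, not captured traffic).
$session = [];
$token   = issue_csrf_token($session);
$cases   = [
    'post without token'          => ['POST', ['timezone' => 'Europe/London']],
    'valid token, not a timezone' => ['POST', ['token' => $token, 'timezone' => '<b>x</b>']],
    'valid token, valid timezone' => ['POST', ['token' => $token, 'timezone' => 'Europe/London']],
];
foreach ($cases as $label => [$method, $post]) {
    [$ok, $detail] = save_timezone($session, $method, $post);
    // Values are still HTML-encoded on output as a second layer of defence.
    printf("%-30s %s: %s\n", $label, $ok ? 'accepted' : 'rejected',
        htmlspecialchars($detail, ENT_QUOTES, 'UTF-8'));
}
```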


Pawel Dachterski - 29/Jan/09 05:48 PM
This is a valid issue