git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

]> git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

projects / people / ms / ipfire-2.x.git / commit

author	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 30 Oct 2019 10:55:40 +0000 (10:55 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 30 Oct 2019 10:55:40 +0000 (10:55 +0000)
commit	4bd30c5975869b34489d9c8c3ecba92c78f42bb1
tree	858d2a6916cbdb341d6f8f36a8b33762b04eca0e	tree
parent	b9b9aba5bb7604530ed4b258c795d621c9e5f1e3	commit \| diff

mail.cgi: Do not print content of input fields

This was printed unescaped and could therefore be used
for a stored XSS attack.

Fixes: #12226
Reported-by: Pisher Honda <pisher24@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

html/cgi-bin/mail.cgi

diff | blob | blame | history

Michael's tree of IPFire 2.x.

RSS Atom