git.ipfire.org Git - ipfire-2.x.git/commit
mail.cgi: Do not print content of input fields
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 30 Oct 2019 10:59:00 +0000 (10:59 +0000)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Wed, 13 Nov 2019 18:41:02 +0000 (18:41 +0000)
commit 095bf494074994c5a2cd867f3b00603de95ed207
tree c8571edc2fe651e03b2eb6da7bb9eb04d9fa8ae6
parent 0a340fbe1e76323afc7473b296dec871f3d820b0
mail.cgi: Do not print content of input fields

This was printed unescaped and could therefore be used
for a stored XSS attack.

Fixes: #12226
Reported-by: Pisher Honda <pisher24@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
html/cgi-bin/mail.cgi