[Commotion-admin] [commotion-apps] Stored XSS in local application URL (High) (#12)

dismantl notifications at github.com
Mon Sep 9 18:10:56 UTC 2013


Any text entered into the form should be escaped when presented back to users, and thus should prevent any JavaScript execution. I really wish these pentesters would have given some examples...

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-apps/issues/12#issuecomment-24101251