Cross-site scripting vulnerability in Roller search term treatment
------------------------------------------------------------------
Key: ROL-1766
URL: https://issues.apache.org/roller/browse/ROL-1766
Project: Roller
Issue Type: Bug
Components: Search
Affects Versions: 4.0, 3.1
Environment: any
Reporter: Anil Gangolli
Assignee: Roller Unassigned

The search term submitted to Roller as the value of the "q" parameter on search
requests (/search?q=query+terms) is echoed back in the default search form
without escaping HTML tags.
This can be converted to a cross-site scripting attack.