Hi,
On 24-okt-2008, at 22:02, Grégory Joseph wrote:
Where, how and how does it affect the system?
If you trust the publisher (patrick in the demo) then this person can inject XSS into the searchbox (bottom right). Stopped checking for more problems but it proves at this point that Magnolia does not validate certain user input.
If you want the exact injection then please provide some kind of security handle, I will mail it to them.
Best regards,
Hans
On Oct 24, 2008, at 8:37 PM, Hans Wolters wrote:
Dear all,
Is there a security member I can contact? I was able to store XSS into the demo.
Best regards,
Hans Wolters
----------------------------------------------------------------
for list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
----------------------------------------------------------------