On Sat 02 Oct 2010 16:56 +0000, Viktor Leonhardt wrote:
> Hello,
> While working on a better E-mail validation, I found some cross-site
> vulnerabilities in the lib/accfuncs.inc. Here is the patch, which is fixing this
> problem. I hope that I found all relevant parts, because I'm not so familiar
> with this site. You can try it on your own by setting a user name or e-mail
> with a single quote. Like:
>
> "foo'><script>alert('XSS');</script>"
>
> I will soon commit a patch for the E-mail validation using this website[1].
> Most of it is working, except a problem with the double quotes.
>
> [1] http://www.linuxjournal.com/article/9585
>
> greetings Viktor
> From eaea9a4d11c1cd2740079864d28d9a10329fe849 Mon Sep 17 00:00:00 2001
> From: Viktor Leonhardt <leonh...@unix-ag.uni-kl.de>
> Date: Sat, 2 Oct 2010 16:47:52 +0000
> Subject: [PATCH] Fixing XSS vulnerability
>
> ---
>  web/lib/acctfuncs.inc |   30 +++++++++++++++---------------
>  1 files changed, 15 insertions(+), 15 deletions(-)

Wow I thought that was fixed a long time ago. Thanks.
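Review bot: the cover mail names the affected file as lib/accfuncs.inc while the diffstat lists web/lib/acctfuncs.inc; the commit message should use the path the diff actually touches. The subject "Fixing XSS vulnerability" also gives no detail on which outputs were unescaped or which escaping call the 15 changed lines introduce, so a reader of the log cannot tell whether the user-name and e-mail cases from the cover mail are the only ones covered; listing them in the commit body would make the fix reviewable from the log alone.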
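As an added illustration of the bug class the mail describes (a user name or e-mail echoed into HTML without escaping), not code from the AUR project or from Viktor's patch: a form field rendered unescaped beside the same field passed through htmlspecialchars() with ENT_QUOTES, exercised against the test value from the mail. The function names and markup are assumptions; the real contents of web/lib/acctfuncs.inc are not reproduced here.

```php
<?php
// Added example: function names and markup are hypothetical; only the
// escaping technique is the point.

// Sample input constructed to match the test case from the mail.
const SAMPLE_NAME = "foo'><script>alert('XSS');</script>";

// Escape a value for insertion into HTML text or a quoted attribute.
// ENT_QUOTES covers both ' and ", which matters here because the report
// uses a single quote to break out of a single-quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable form: the value is concatenated into the attribute unescaped,
// so "foo'>" closes the value attribute and the tag, and the rest of the
// input lands in the page as markup.
function account_field_unescaped(string $name, string $value): string {
    return "<input type='text' name='$name' value='$value' />";
}

// Hardened form: every user-controlled value passes through h() before it
// is placed into the markup.
function account_field(string $name, string $value): string {
    return "<input type='text' name='" . h($name) . "' value='" . h($value) . "' />";
}

// Defensive check for a regression test: after escaping, the rendered
// markup must contain neither a raw <script tag nor the input verbatim.
function escaped_output_is_inert(string $html, string $input): bool {
    return strpos($html, '<script') === false
        && strpos($html, $input) === false;
}

$bad  = account_field_unescaped('Username', SAMPLE_NAME);
$good = account_field('Username', SAMPLE_NAME);

printf("unescaped: %s\n  inert=%s\n", $bad,
       escaped_output_is_inert($bad, SAMPLE_NAME) ? 'yes' : 'no');
printf("escaped:   %s\n  inert=%s\n", $good,
       escaped_output_is_inert($good, SAMPLE_NAME) ? 'yes' : 'no');
```

The escaped variant turns the single quote into `&#039;` and the angle brackets into `&lt;`/`&gt;`, so the browser shows the literal string inside the field instead of parsing a new tag; the unescaped variant fails the inertness check. A check like escaped_output_is_inert() is the kind of assertion worth keeping around so that a later edit to the template cannot silently drop the escaping again.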