#6336: XSS Vulner (index.php/anystuff here)
---------------------------------+------------------------------------------
    Reporter:  bakyt.niyazov     |         Owner:
        Type:  Security Exploit  |        Status:  new
    Priority:  Critical          |     Milestone:  1.2.x.x
   Component:  General           |       Version:  1.2 Final
    Severity:  Critical          |    Resolution:
    Keywords:                    |   Php_version:  n/a
Cake_version:                    |
---------------------------------+------------------------------------------
Comment (by ionas82):

 Btw.: After adding the fix it displays the regular 404 page:
 Error: The requested address '/index.php/%22%3E%3Ch1%3EHeya%3C/h1%3E' was
 not found on this server.

--
Ticket URL: <https://trac.cakephp.org/ticket/6336#comment:4>