Re: [Agavi-Tickets] [Agavi] #1019: CVE-2009-0417: Cross-site scripting vulnerability in handling of incoming URLs

Agavi Wed, 04 Feb 2009 10:31:55 -0800

#1019: CVE-2009-0417: Cross-site scripting vulnerability in handling of incoming
URLs
----------------------+-----------------------------------------------------
 Reporter:  david     |        Owner:  david 
     Type:  defect    |       Status:  closed
 Priority:  highest   |    Milestone:  0.11.6
Component:  request   |      Version:  0.11.5
 Severity:  critical  |   Resolution:  fixed 
 Keywords:            |    Has_patch:  0     
----------------------+-----------------------------------------------------
Changes (by david):


  * status:  reopened => closed
  * resolution:  => fixed


Comment:

 (In [3767]) Fix #1019 w/o side effects: don't escape QUERY_STRING (not
 necessary for our purpose)

-- 
Ticket URL: </ticket/1019#comment:7>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5


_______________________________________________
Agavi Tickets Mailing List
[email protected]
http://lists.agavi.org/mailman/listinfo/tickets

Re: [Agavi-Tickets] [Agavi] #1019: CVE-2009-0417: Cross-site scripting vulnerability in handling of incoming URLs

Reply via email to