• Status Closed
  • Percent Complete
  • Task Type Bug Report
  • Category Backend
  • Assigned To
    Ortwin Pinke
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version ConLite 2.0 RC
  • Due in Version ConLite 2.0.0
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: ConLite
Opened by Ortwin Pinke - 29.06.2017
Last edited by Ortwin Pinke - 06.07.2017

FS#171 - System and client allows xss in backend

Go to administration → system → expert settings.
Create new setting and set value to: <script>alert(”XSS Alert”);</script>
Script will be executed. Same with client settings

Closed by  Ortwin Pinke
06.07.2017 09:31
Reason for closing:  Fixed
Project Manager
Ortwin Pinke commented on 06.07.2017 06:22

Also check other fields in formular for xss, a bad one would also use type or name field.


Available keyboard shortcuts


Task Details

Task Editing