[Mapguide-trac] [mapguide-trac] #2790: Potential XSS hole in AJAX viewer
MapGuide Open Source
trac_mapguide at osgeo.org
Wed Jan 9 14:18:55 PST 2019
#2790: Potential XSS hole in AJAX viewer
---------------------------+----------------------
Reporter: jng | Owner: jng
Type: defect | Status: assigned
Priority: low | Milestone: 3.1.2
Component: AJAX Viewer | Version:
Severity: trivial | Keywords:
External ID: |
---------------------------+----------------------
From the mailing list
{{{
Hi, there may be an XSS hole in quickplotpreviewinner.jsp (Ajaxviewer
Java).
To prevent it, change line 96 to
annotations.put("{scale}", "1 : " +
EscapeForHtml(request.getParameter("scale_denominator")));
I did not look at php or .net.
Regards, svlad
}}}
--
Ticket URL: <https://trac.osgeo.org/mapguide/ticket/2790>
MapGuide Open Source <http://mapguide.osgeo.org/>
MapGuide Open Source Internals
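
The escaping change proposed in the ticket, as an added Java example that is not MapGuide's own code. `ScaleAnnotationDemo`, `escapeHtml` (a stand-in for the viewer's `EscapeForHtml`, whose body is not shown in the ticket), the `mode` argument and the numeric pattern are assumptions, and the sample parameter values are constructed; the "validated" mode goes one step beyond the ticket by rejecting non-numeric input.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ScaleAnnotationDemo {
    // Assumption: a scale denominator is a plain positive decimal number.
    private static final Pattern NUMERIC = Pattern.compile("\\d{1,12}(\\.\\d{1,6})?");

    // Hypothetical stand-in for the viewer's EscapeForHtml (its body is not on the page).
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Builds the annotations map; 'mode' selects raw, escaped, or validated handling.
    static Map<String, String> annotations(String scaleDenominator, String mode) {
        Map<String, String> a = new LinkedHashMap<>();
        String value;
        if (mode.equals("raw")) {
            value = scaleDenominator;               // parameter echoed as-is into the page
        } else if (mode.equals("escaped")) {
            value = escapeHtml(scaleDenominator);   // the change the ticket proposes
        } else {
            boolean ok = scaleDenominator != null && NUMERIC.matcher(scaleDenominator).matches();
            value = ok ? scaleDenominator : "?";    // non-numeric input is replaced, never echoed
        }
        a.put("{scale}", "1 : " + value);
        return a;
    }

    public static void main(String[] args) {
        // Constructed sample parameter values, not taken from the ticket.
        String[] samples = { "5000", "5000<b>x</b>", "50\"00" };
        for (String s : samples)
            for (String mode : new String[] { "raw", "escaped", "validated" })
                System.out.println(mode + "\t" + annotations(s, mode).get("{scale}"));
    }
}
```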