[Mapguide-trac] [mapguide-trac] #2790: Potential XSS hole in AJAX viewer
MapGuide Open Source
trac_mapguide at osgeo.org
Thu Mar 21 05:33:33 PDT 2019
#2790: Potential XSS hole in AJAX viewer
-------------------------+----------------------
Reporter: jng | Owner: jng
Type: defect | Status: closed
Priority: low | Milestone: 3.1.2
Component: AJAX Viewer | Version:
Severity: trivial | Resolution: fixed
Keywords: | External ID:
-------------------------+----------------------
Comment (by jng):
In [changeset:"9482" 9482]:
{{{
#!CommitTicketReference repository="" revision="9482"
Merged revision(s) 9481 from branches/3.1/MgDev:
Plug potential XSS hole in Quick Plot (Java AJAX viewer). Unlike the
suggested fix in the original ticket, we'll just run the request parameter
through GetIntParameter() that would render any malicious content to 0.
Fixes #2790
........
}}}
--
Ticket URL: <https://trac.osgeo.org/mapguide/ticket/2790#comment:2>
MapGuide Open Source <http://mapguide.osgeo.org/>
MapGuide Open Source Internals
More information about the mapguide-trac
mailing list