
XSS in LampCMS

Hi Dmitri,

I was doing a quick scan of LampCMS's security and noticed that the input of the tags is not fully sanitized before printing it back to the website. Only "/" characters are implicitly filtered because of the URL handling. This will lead to XSS exposure of the website. This is probably something you want to address.

maarten
Classity Informationsecurity
Edited April 17, 2012 11:24 am AZOST
asked April 17, 2012 at 6:12 AM

I would appreciate it if you sent me some specific details. All text is run through the HTML_Safe class and before that through PHP tidy (if tidy is available with your version of PHP). There was an XSS vulnerability discovered in the search form, but that was fixed a long time ago.
Apr 18 '12 at 6:48
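As an added illustration (not LampCMS code, and not the HTML_Safe class the reply mentions) of the point raised in the report and the reply: whatever filtering a field passes through earlier, the thing to verify is what reaches the page for a tag containing markup characters. The slash-only filter below stands in for the behaviour the report describes; the tag name, function names and sample tags are constructed for the example.

```php
<?php
// Added example, not LampCMS code. Contrasts the behaviour the report
// describes (only "/" removed as a side effect of URL handling) with
// context-specific output encoding of a tag name.

// Stands in for the transformation the report says tag text receives.
function slashOnlyFilter(string $tag): string
{
    return str_replace('/', '', $tag);
}

// Encoding for text nodes and quoted attribute values in an HTML document.
function htmlEncode(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Rendering a tag as a link: the URL segment and the visible text are
// each encoded for their own context, regardless of earlier filtering.
function renderTagLink(string $tag): string
{
    $path = '/tagged/' . rawurlencode($tag);
    return '<a href="' . htmlEncode($path) . '">' . htmlEncode($tag) . '</a>';
}

// A defender's check: if the tag carries HTML-significant characters, its
// raw form must be absent from the output and its encoded form present.
function tagIsNeutralized(string $tag, string $rendered): bool
{
    $encoded = htmlEncode($tag);
    if ($encoded === $tag) {
        return true; // nothing in this tag needs encoding
    }
    return strpos($rendered, $tag) === false && strpos($rendered, $encoded) !== false;
}

// Constructed sample tags: markup characters, a double quote, and a slash.
$samples = ['<b>bold', 'say "hi"', 'a/b'];
foreach ($samples as $tag) {
    $filtered = slashOnlyFilter($tag);
    printf("%-10s slash-only filter: %-10s neutralized: %s\n",
        $tag, $filtered, tagIsNeutralized($tag, $filtered) ? 'yes' : 'no');
    printf("%-10s encoded link:      %s\n", '', renderTagLink($tag));
}
```

Run it with the PHP CLI; the first two samples pass the slash-only filter unchanged and are reported as not neutralized, while the encoded link form keeps the same tag harmless in both the href and the link text.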

0 Answers