maria-docs team mailing list archive
Message #00357
KB security bug: History pages have an XSS vulnerability
To: “Maria Docs” team <"maria-docs"@lists.launchpad.net>
From: 100の人 <100@xxxxxxxxxxx>
Date: Sat, 20 Dec 2014 14:33:37 +0900
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

I think that history pages in the MariaDB Knowledge Base have a cross-site scripting vulnerability because special characters contained in link texts and revision comments are not escaped.
For example, this page: https://mariadb.com/kb/en/meta/editing-help/creole-formatting/+history
--
100の人
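
An added example, not part of the original message and not the Knowledge Base's own code: a history-row renderer with the link text and revision comment interpolated verbatim, next to a form that HTML-escapes both on output, plus a parser-based check that flags any tag the template did not emit. The function names, row markup and sample revisions are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample revisions (not taken from the KB): link text and comment
# both contain HTML special characters.
REVISIONS = [
    {"rev": 3, "link_text": "<b>Creole</b> & formatting",
     "comment": 'fixed "quotes" <script>alert(1)</script>'},
    {"rev": 2, "link_text": "Creole formatting", "comment": "typo"},
]
ROW = '<tr><td>%d</td><td><a href="?rev=%d">%s</a></td><td>%s</td></tr>'
ALLOWED_TAGS = {"table", "tr", "td", "a"}  # tags the (hypothetical) template emits

def render_row_unescaped(r):
    """'Before' form: user-supplied strings go into the markup verbatim."""
    return ROW % (r["rev"], r["rev"], r["link_text"], r["comment"])

def render_row_escaped(r):
    """Hardened form: every user-supplied string is escaped at output time."""
    return ROW % (int(r["rev"]), int(r["rev"]),
                  html.escape(r["link_text"], quote=True),
                  html.escape(r["comment"], quote=True))

def render_history(revisions, row=render_row_escaped):
    return "<table>\n" + "\n".join(row(r) for r in revisions) + "\n</table>"

class TagCollector(HTMLParser):
    """Records every start tag a parser sees in the rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)

def unexpected_tags(markup):
    """Return tags present in the output that the template never emits."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return sorted(collector.tags - ALLOWED_TAGS)

if __name__ == "__main__":
    print(unexpected_tags(render_history(REVISIONS, render_row_unescaped)))
    print(unexpected_tags(render_history(REVISIONS)))
```

The `unexpected_tags` check can run as a regression test over rendered history pages, so a template change that drops the escaping is caught before release.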