View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
13182 | Bug reports | Security | public | 2018-01-15 15:47 | 2018-02-09 17:02 |
Reporter | cookiemonster | Assigned To | |||
Priority | none | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Fixed in Version | 3.1.x | ||||
Summary | 13182: Filter HTML for XSS affects variables in end message | ||||
Description | Filter HTML for XSS affects variables in end message | ||||
Steps To Reproduce | create a link in end message like: | ||||
Tags | No tags attached. | ||||
Bug heat | 256 | ||||
Complete LimeSurvey version number (& build) | Version 3.0.3+180112 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | Firefox 57.0.4 (64-Bit) | ||||
Database type & version | libmysql - 5.5.54 | ||||
Server OS (if known) | Ubuntu | ||||
Webserver software & version (if known) | Apache/2.4.7 | ||||
PHP Version | 5.5.9 | ||||
Normal link works? |
|
yep, redirect as well, just the variable isn't filled - it stays like: ?pageId={id} ...where {id} should be e.g. 123 |
|
https://github.com/LimeSurvey/LimeSurvey/commit/4a8c0285161aa56c5dcec9f72e3bb9467d0e1b9a |
|
Version 3.3.0 released |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2018-01-15 15:47 | cookiemonster | New Issue | |
2018-01-25 10:02 | c_schmitz | Note Added: 46068 | |
2018-01-25 10:07 | cookiemonster | Note Added: 46069 | |
2018-01-26 17:47 |
|
Assigned To | => LouisGac |
2018-01-26 17:47 |
|
Status | new => resolved |
2018-01-26 17:47 |
|
Resolution | open => fixed |
2018-01-26 17:47 |
|
Fixed in Version | => 3.1.x |
2018-01-26 17:47 |
|
Note Added: 46117 | |
2018-02-09 17:02 | c_schmitz | Note Added: 46369 | |
2018-02-09 17:02 | c_schmitz | Status | resolved => closed |