Project

General

Profile

Actions

Bug #16949

open

Potential XSS via Backup package entry name and path values

Added by Jim Pingle about 13 hours ago. Updated about 11 hours ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Backup
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

The Backup package does not validate the name or path values for Backup location entries. It also prints the name and path values without encoding, leading to a potential XSS.

Reported by: @lujiefsi

Actions

Also available in: Atom PDF