Actions
Bug #3461
closed
XSS - package system
Start date:
02/17/2014
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
Description
pkg parameter isn't encoded properly, it's possible to inject javascript code:
https://ip/pkg_mgr_install.php?mode=delete&pkg=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
Updated by Ermal Luçi 
Updated by
Actions