Actions
Bug #6737
closed
diag_dns.php: DNS results printed without encoding, leading to an XSS
Start date:
08/22/2016
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All
Description
There is a potential XSS in diag_dns.php from a lack of encoding on the DNS replies.
If a query is entered for xss.uparo.com, a script alert is shown.
Updated by
Actions