[Vtigercrm-commits] [vtiger development] #7509: CustomerPage: XSS problem into login page
vtiger development
vtiger-tickets at trac.vtiger.com
Fri Sep 28 08:35:36 PDT 2012
#7509: CustomerPage: XSS problem into login page
----------------------------+-----------------------------------------------
Reporter: jorge | Owner: developer
Type: defect | Status: new
Priority: critical | Milestone: Unassigned
Component: customerportal | Version: 5.4.0
Severity: High | Keywords:
----------------------------+-----------------------------------------------
When someone tries to access the Customer Portal and uses wrong
credentials, he is redirected to the login page with an error message. This
error message comes from the variable "login_error_msg" (located in the
URL) and its value is created with base64_encode ( "error message" ). A
malicious user can modify this value and steal the session variable using
JavaScript.
[https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 XSS]
--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7509>
vtiger development <http://trac.vtiger.com/>
vtiger CRM
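
The pattern the ticket describes, next to two ways to close it, as an added example that is not part of the ticket and not vtiger's code. The function names, the `login_error` parameter and the message table are hypothetical, and the unsafe function is an assumed shape of the reported behaviour; only `login_error_msg` and `base64_encode` come from the ticket.

```php
<?php
// Added example, not vtiger code. Function names, the login_error parameter
// and the message table are hypothetical; login_error_msg is from the ticket.

// Assumed shape of the reported pattern: the decoded parameter is echoed as
// trusted HTML. Base64 is an encoding, so the URL's author controls the markup.
function render_error_unsafe(array $query): string
{
    $msg = base64_decode($query['login_error_msg'] ?? '');
    return '<div class="error">' . $msg . '</div>';
}

// Option 1: keep the parameter, but handle it as untrusted text.
function render_error_encoded(array $query): string
{
    $raw = $query['login_error_msg'] ?? '';
    if (!is_string($raw)) {               // login_error_msg[]=... arrives as an array
        return '';
    }
    $msg = base64_decode($raw, true);     // strict mode returns false on invalid input
    if ($msg === false || $msg === '') {
        return '';
    }
    return '<div class="error">'
        . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

// Option 2: carry only a short code in the URL; the text stays on the server.
const LOGIN_ERRORS = [
    'bad_credentials' => 'Invalid user name or password.',
    'inactive'        => 'This account is not active.',
];

function render_error_by_code(array $query): string
{
    $code = $query['login_error'] ?? '';
    if (!is_string($code) || !array_key_exists($code, LOGIN_ERRORS)) {
        return '';
    }
    return '<div class="error">'
        . htmlspecialchars(LOGIN_ERRORS[$code], ENT_QUOTES, 'UTF-8') . '</div>';
}

// Constructed sample input: harmless markup, base64-encoded as the ticket describes.
$query = ['login_error_msg' => base64_encode('<b>Invalid</b> login')];
echo render_error_unsafe($query), PHP_EOL;    // markup reaches the page as HTML
echo render_error_encoded($query), PHP_EOL;   // markup is shown as literal text
echo render_error_by_code(['login_error' => 'bad_credentials']), PHP_EOL;
```

Marking the session cookie HttpOnly is a separate defence-in-depth measure against the session theft the ticket mentions; it does not remove the injection itself.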