[Vtigercrm-developers] Security

Pabiszczak, Błażej b.pabiszczak at opensaas.pl
Mon Sep 29 16:59:32 GMT 2014


   1. XSS in Cloud Tag (e.g.: a<script>alert(123)</script>b a)
   2. Ignore the limit on the number of characters:
    c<script>alert(document.cookie)</script>d
      - You can view sessionid,
      - you can put an img from an external address
      - etc.
   3. You can change any records from the pricebook module.
   4. You can put any HTML in notepad (e.g. external image)
   5. and many others

Do you test systems? Do you use tools like Acunetix?

Regards
Błażej Pabiszczak
M: +48.884999123
E: b.pabiszczak at opensaas.pl