Bug 151180
Summary: | Missing HTML escaping/XSS: <script>alert('hello world')</script> | ||
---|---|---|---|
Product: | [Community] Bugzilla | Reporter: | Ville Skyttä <scop> |
Component: | Bugzilla General | Assignee: | David Lawrence <dkl> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | David Lawrence <dkl> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 2.18 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-03-15 19:12:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ville Skyttä
2005-03-15 19:00:23 UTC
Yep, it is reproduced by the summary in this bug. Testing non-beta Bugzilla with this comment... Nope, only the beta is affected. thanks for the head's up. testing change to see if this is fixed with this comment. Seems to be fixed now. |