Ticket #250 (closed Test: Resolved)

Opened 12 years ago

Last modified 12 years ago

XSS script injection security issue in the "Contact Information" field of the Home Furnishing forum

Reported by: chenguohao Owned by: dingjianyong
Priority: Highest (1) Milestone:
Component: Home Furnishing site forum Version:
Keywords: Cc:
Due Date: 31/01/2014

Description

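A feature specific to the Game site forum (custom title) also has an XSS script injection security issue, but only administrators and site owners have that permission;
on the Home Furnishing forum this has already been opened up to ordinary users;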


The current handling is to temporarily set the permission to "No" for all ordinary users;
this vulnerability will be handled in sprint31

Change History

comment:1 Changed 12 years ago by chenguohao

  • Type changed from User fault report to Test

comment:2 Changed 12 years ago by lijianwen

The Home Furnishing forum's contact information and the Game forum's custom title have both been fixed in sprint31

comment:3 Changed 12 years ago by lijianwen

  • Status changed from new to closed
  • Resolution set to Resolved