Description
Possible XSS HTML injection (wiki search box top right and fileupload rename field)
Steps to reproduce
Input "<script>alert('test')</script>" into search box and klick title or text
Example
Component selection
- general
Details
MoinMoin Version |
1.6.0alpha (0803e5da055d) |
OS and Version |
Debian Linux Stable |
Python Version |
Python 2.3.5 |
Server Setup |
|
Server Details |
|
Language you are using the wiki in (set in the browser/UserPreferences) |
|
Workaround
Discussion
Plan
- Priority:
Assigned to: ThomasWaldmann
- Status: fixed in 1.6 branch by changeset 1905: 60a6dd88624a