Description
Markup in page name is not escaped in the page information.
This is an XSS issue.
Steps to reproduce
Create a page name including <strong>
- Delete cache
The editor name and items bellow become strong.
Component selection
Seems to theme problem.
Details
This Wiki.
Does not effect 1.3.x, which did not include the page name in the page info.
Workaround
Don't do that!
Discussion
The unescaped markup is in the page info:
<p id="pageinfo" class="info" lang="en" dir="ltr">MoinMoin: MoinMoinBugs/MarkupInPageName<strong> (last edited 2007-01-17 20:50:39 by
I'm not sure if the markup should be escaped when the page name enter the system - so if you try to create a page with <> it will be saved as %xx%yy on the disk, or the page name should be escaped each time it is used in the wiki.
Plan
- Priority: High
Assigned to: ThomasWaldmann
Status: fixed, see http://hg.thinkmo.de/moin/1.5?cs=7a29e90a96d1 (will be in 1.5.7)