| commit | dc50cf38c11ad845115bae35d2dc8a7e9c4893ff | |
| author | Kai Blin <kai@samba.org> | |
| Thu, 7 Jul 2011 08:03:33 +0000 (7 10:03 +0200) | ||
| committer | Jeremy Allison <jra@samba.org> | |
| Tue, 26 Jul 2011 20:22:25 +0000 (26 22:22 +0200) | ||
| tree | 221a602705636bd3fe3e8d224e592b4aefe96946 | treesnapshot (tar.gz zip) |
| parent | 78b54e9ee1d9fa7d3117a0a82db11da3f9ec8223 | commitdiff |
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
| source3/web/swat.c | diffblobblamehistory |