XSS in concurrent edit notification

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 3.0-rc1
    • Affects Version/s: 3.0-beta3
    • Component/s: None

      If a page is being editted by 

      <script>alert('hacked')</script>

      and another user edits it at the same time, they are vulnerable to a potential XSS attack.

        1. page-editor-29-patched.js
          22 kB
          Andrew Lynch
        2. page-editor-210-patched.js
          24 kB
          Andrew Lynch

            Assignee:
            CharlesA
            Reporter:
            Andrew Lynch (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: