Cross site scripting - on POST, title not escaped in createpage-entervariables

XMLWordPrintable

      http://localhost:8080/pages/createpage-entervariables.action

      Post data:
      spaceKey=ds&parentPageString=777-777-1911form%40value777.com&fromPageId=0&title=Shipping+Clerk%22%3e%3cscript%3ealert(76543)%3c%2fscript%3e&linkCreation=false&t%09emplateId=31

              Assignee:
              m@ (Inactive)
              Reporter:
              Tom Davies
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: