Trellis Desk v1.0 XSS Vulnerability
larry
jlogica.com
Date: Wed Mar 11 2009 - 18:25:41 CDT
This problem has been reported to the author, but no action has been taken to resolve the issue.
The search box does not sanitise data and is open to simple XSS SQL injection.
In file sources/article.php, find around line 519:
$searchstring = $this->ifthd->input['keywords'];
Needs to have the following line added after...
$searchstring = mysql_real_escape_string( $searchstring );
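
Added example, not part of the original post and not Trellis Desk code: mysql_real_escape_string() only escapes a value for use inside a SQL string literal, so the search term needs separate handling for the query and for the HTML page that echoes it back. The table, column and function names below are hypothetical, and an in-memory SQLite database with constructed rows and inputs stands in for the application's MySQL database.

```php
<?php
// Added illustration; search_articles(), render_search_heading() and the
// "articles" table are hypothetical names, not taken from Trellis Desk.

// SQL side: bind the term as a parameter so it never becomes SQL text.
function search_articles(PDO $db, string $keywords): array
{
    // Escape LIKE wildcards so "%" and "_" in the term match literally.
    $like = '%' . strtr($keywords, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare(
        "SELECT id, title FROM articles WHERE title LIKE :kw ESCAPE '!'"
    );
    $stmt->execute([':kw' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML side: encode the term at the point where it is written into markup.
function render_search_heading(string $keywords): string
{
    $safe = htmlspecialchars($keywords, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for "' . $safe . '"</h2>';
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (title) VALUES
           ('Resetting a password'), ('100% uptime FAQ')");

// Constructed inputs: a normal term, a quote-breaking term, markup, a wildcard.
$inputs = ['password', "' OR '1'='1", '<script>alert(1)</script>', '100%'];

foreach ($inputs as $keywords) {
    $rows = search_articles($db, $keywords);
    echo render_search_heading($keywords), ' rows=', count($rows), "\n";
}
```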