* Tilman Koschnick [2006-09-25 11:27:10+0200]
> Package: elog
> Version: 2.6.1+r1642-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> when editing a log entry in HTML mode, elog accepts arbitrary JavaScript
> code. This code will be executed in the browser of other users viewing the
> entry (provided they have JavaScript enabled), thus exposing the users
> to a XSS (cross site scripting) attack.

Hi,

Thanks for your bug report. I'm going to make a new upload (r1719) which
includes a fix for this issue. Feel free to reopen this bug if the problem
persists.

--
roktas