subject:"Bug#389361\: XSS vulnerability in elog"

Bug#389361: XSS vulnerability in elog

2006-09-27 Thread Recai Oktaş

* Tilman Koschnick [2006-09-25 11:27:10+0200] > Package: elog > Version: 2.6.1+r1642-1 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > when editing a log entry in HTML mode, elog accepts arbitrary JavaScript > code. This code will be executed in the browser of o

Bug#389361: XSS vulnerability in elog

2006-09-25 Thread Tilman Koschnick

Package: elog Version: 2.6.1+r1642-1 Severity: grave Tags: security Justification: user security hole Hi, when editing a log entry in HTML mode, elog accepts arbitrary JavaScript code. This code will be executed in the browser of other users viewing the entry (provided they have JavaScript enable