[rt-devel] HTML escaping bug in Update.html / "security problem"
ivan-rt-devel at 420.am
Fri Apr 5 08:47:29 EST 2002
See http://fsck.com/rt2/Ticket/Display.html?id=1330 (if it hasn't been
HTML escaping bugs are probably a "security problem" of sorts as a ticket
submitter (anonymous or with minimal permissions) can do all sorts of
nasty things to the browsers of those reading the tickets.
(p.s. mmmmm being an RT user... much better than hacking RT :)
More information about the Rt-devel