[rt-users] possible cross site scripting issue
Steve Wills
swills at webassign.net
Wed Jul 30 11:39:18 EDT 2008
It seems that emails with address lines of this form:
">'><IfRaME>"@example.com
(quotes included, this is a valid email address, I think) cause RT to
be unable to display a ticket. I think this may be a possible cross
site scripting problem or at least some data that should be escaped in
the web interface. Help on how to delete such a ticket would be
appreciated.
Thanks,
Steve
--
Steve Wills, Senior Systems Administrator
WebAssign, http://www.webassign.net/
Phone: (919) 829-8181 x116 Cell: (919) 622 6826
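
The escaping the message asks about, as an added example that is not part of the original post and is not RT's code: it renders the address form quoted above into a link with and without output encoding, then lists the start tags an HTML parser sees in each result. The helper names (render_unescaped, render_requestor, start_tags) are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Address form quoted in the message above (constructed here as a Python string).
SAMPLE = "\">'><IfRaME>\"@example.com"

def render_unescaped(addr):
    """Failure mode: raw interpolation lets the address close the attribute and tag."""
    return '<a href="mailto:{0}">{0}</a>'.format(addr)

def render_requestor(addr):
    """Hypothetical helper: encode the address for each context it lands in."""
    # Attribute context: percent-encode for the mailto: URI, then HTML-escape.
    href = html.escape("mailto:" + quote(addr, safe="@"), quote=True)
    # Element text context: escape &, <, > and both quote characters.
    text = html.escape(addr, quote=True)
    return '<a href="{}">{}</a>'.format(href, text)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(fragment):
    """Return the start tags a parser sees in fragment, lowercased."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    for render in (render_unescaped, render_requestor):
        out = render(SAMPLE)
        print(render.__name__, start_tags(out), out)
```

With the encoded form the parser sees only the intended anchor element, and the address still displays as typed.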