Launchpad itself

XSS vunerability in inline distro series edit popup

Bug #741414 reported by Ian Booth on 2011-03-24

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	Critical	Ian Booth	Launchpad itself 11.04

Bug Description

When the inline multicheckbox widget is used to edit distroseries on the recipe index page, the distro series names rendered on the popup are not escaped.

Tags:

Related branches

lp://qastaging/~wallyworld/launchpad/inline-multicheckbox-widget-xss

Merged into lp://qastaging/launchpad at revision 12662

j.c.sackett (community): Approve on 2011-03-24

Revision history for this message

Launchpad QA Bot (lpqabot) wrote on 2011-03-25:

Fixed in stable r12662 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12662>.

Changed in launchpad:
milestone:	none → 11.04
tags:	added: qa-needstesting
Changed in launchpad:
status:	In Progress → Fix Committed

William Grant (wgrant) on 2011-03-26

tags:

added: qa-ok
removed: qa-needstesting

William Grant (wgrant) on 2011-03-28

Changed in launchpad:
status:	Fix Committed → Fix Released

William Grant (wgrant) on 2012-08-10

visibility:

private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.