XSS Security issue on Launchpad CVE Sequence Number

Bug #208327 reported by Emanuele Gentili
Affects: Launchpad itself
Status: Fix Released
Importance: Critical
Assigned to: Gavin Panella
Milestone: (none)

Bug Description

Launchpad has a security issue on the "Link to CVE" page, in the "CVE Sequence Number" text input.

The problem is in "CVE Sequence Number", because it accepts and executes the characters "<" and ">".

It's possible to solve it with a simple PHP control using str_replace:

           $up1 = array ("<" , ">");
           $patch_deletion_comment_description = str_replace($up1, "", $delete_comment_description);

and then substitute ${VAR} in the submitted string.

Fix similar to:
bug #204617
bug #207490
bug #207494
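The way a practitioner would close this class of bug, as an added example that is not part of the bug report above or of Launchpad's own code: validate the "CVE Sequence Number" against an allowlist of what a CVE identifier can look like, and HTML-escape whatever is echoed back. It is written in Python, the language Launchpad is implemented in, and shown next to the angle-bracket stripping proposed in the report so the gap between the two is visible. The `_LINK_TEMPLATE` markup and the `/bugs/cve/` path are assumptions for illustration, not Launchpad's real template; the sample payload is constructed.

```python
import html
import re

# Allowlist for the "CVE Sequence Number" field: a four-digit year, a dash,
# and four or more digits (MITRE has allowed more than four since 2014).  An
# optional "CVE-" prefix is tolerated and dropped.  Anything else is rejected
# rather than "cleaned".
_CVE_SEQ_RE = re.compile(r"^(?:CVE-)?(\d{4})-(\d{4,})$", re.IGNORECASE)

# Assumed (hypothetical) fragment of the page that echoes the field back,
# once inside an attribute and once as element text.  Not Launchpad's template.
_LINK_TEMPLATE = '<a href="/bugs/cve/{seq}">CVE-{seq}</a>'


def render_with_blocklist(user_value):
    """The fix proposed in the bug report: strip '<' and '>' and interpolate.

    Kept here to show the gap: a payload that needs no angle brackets, such as
    a double quote that closes the href attribute followed by an event-handler
    attribute, survives untouched.
    """
    cleaned = user_value.replace("<", "").replace(">", "")
    return _LINK_TEMPLATE.format(seq=cleaned)


def validate_cve_sequence(user_value):
    """Return the canonical 'YYYY-NNNN...' form of the sequence number, or
    None when the input is not a CVE sequence number at all."""
    m = _CVE_SEQ_RE.match(user_value.strip())
    if m is None:
        return None
    return "%s-%s" % (m.group(1), m.group(2))


def render_hardened(user_value):
    """Allowlist validation first, HTML escaping on output regardless.

    Returns None (the caller should show a form error) when the value is
    rejected.  Escaping is kept even though the allowlist already excludes
    every HTML-significant character, so that a later loosening of the regex
    does not silently reopen the hole.
    """
    seq = validate_cve_sequence(user_value)
    if seq is None:
        return None
    return _LINK_TEMPLATE.format(seq=html.escape(seq, quote=True))


if __name__ == "__main__":
    # Constructed payload: no '<' or '>' at all, so the blocklist lets it through.
    payload = '2008-1234" onmouseover="alert(1)'
    print("blocklist :", render_with_blocklist(payload))
    print("hardened  :", render_hardened(payload))
    print("valid     :", render_hardened("CVE-2008-1234"))
```

Running the block shows the blocklist renderer emitting `onmouseover="alert(1)"` as a live attribute, while the hardened renderer refuses the same input and only ever interpolates a value matching the CVE pattern. Rejecting rather than sanitising also keeps the stored value meaningful: a "CVE Sequence Number" that had its brackets removed is still not a CVE number.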

Revision history for this message
Emanuele Gentili (emgent) wrote:
Changed in launchpad:
status: New → Confirmed
Gavin Panella (allenap)
Changed in launchpad:
assignee: nobody → allenap
importance: Undecided → Critical
Gavin Panella (allenap) wrote:

In RF 5972

Changed in launchpad:
status: Confirmed → Fix Committed
Changed in launchpad:
status: Fix Committed → Fix Released
William Grant (wgrant)
visibility: private → public
This report contains Public Security information: everyone can see this security-related information.
