Summary: | Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php | |
---|---|---|---
Product: | Community | Reporter: | Jamieson O'Reilly <jamiesonoreilly>
Component: | Project Management & Portal | Assignee: | Portal Bugzilla Dummy Inbox <portal-inbox>
Status: | RESOLVED FIXED | QA Contact: |
Severity: | major | |
Priority: | P3 | CC: | contact, denis.roy, nobody, wayne.beaton
Version: | unspecified | Keywords: | security
Target Milestone: | --- | |
Hardware: | All | |
OS: | All | |
Whiteboard: | | |
Attachments: | | |

Description
Jamieson O'Reilly
2013-11-14 00:39:19 EST
Tested and working in Firefox 20.0. Not working in Chrome/IE.

Matt, Wayne, since the Portal is deprecated, can we just remove or otherwise block this file? If altering the code and rebuilding the Portal is too much of a hassle, I'm open to adding an Apache rewrite to send a 403 Forbidden for that URI.

I'll investigate.

I decided that the cost of fixing the problem outweighed the benefit of maintaining the page. I've replaced the dynamic content with a static message.