[Bug 9754] New: Possible XSS exploit possibility
wine-bugs at winehq.org
Sun Sep 23 13:22:36 CDT 2007
http://bugs.winehq.org/show_bug.cgi?id=9754
Summary: Possible XSS exploit possibility
Product: WineHQ Apps Database
Version: unspecified
Platform: Other
URL: http://appdb.winehq.org/objectManager.php?bIsQueue=false&bIsRejected=false&sClass=application&iId=1369&sAction=showMoveChildren&sTitle=Could%20this%20be%20exploited?
OS/Version: other
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: website-bugs
AssignedTo: wine-bugs at winehq.org
ReportedBy: marco at harddisk.is-a-geek.org
While surfing the AppDB entry for GTA Vice City
(http://appdb.winehq.org/objectManager.php?sClass=application&iId=1369), I
found a link at the bottom of the page stating "Move child objects".
I clicked on it and found out that the URL contains a parameter sTitle, which
apparently sets the page title and can be set to any text I think of.
Good news is that obvious JavaScript does not work, but I think it'd be easy
for a pro to develop a working XSS exploit.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
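
The report above describes the sTitle parameter being reflected into the page title. As an added example (not AppDB code and not part of the original message; the function names are hypothetical, and PHP 7+ with the mbstring extension is assumed), this shows a request value echoed as-is beside the same value HTML-encoded on output:

```php
<?php
// Added example, not AppDB code. Function names are hypothetical.

// Before: the request value is concatenated into markup as-is, so any
// markup characters in sTitle become part of the page.
function render_title_unsafe(array $query): string
{
    $title = $query['sTitle'] ?? '';
    return "<title>$title</title>\n<h1>$title</h1>";
}

// After: treat the value as plain text, bound its length, and encode it
// for the HTML context it is written into.
function render_title_safe(array $query): string
{
    $title = $query['sTitle'] ?? '';
    if (!is_string($title)) {
        // A request such as sTitle[]=x arrives as an array, not a string.
        $title = '';
    }
    // Length cap is an arbitrary choice for this example (needs mbstring).
    $title = mb_substr($title, 0, 80, 'UTF-8');
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    $enc = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<title>$enc</title>\n<h1>$enc</h1>";
}

// Constructed sample input: harmless markup, enough to show the difference.
$query = ['sTitle' => 'Move <b>child</b> objects & "more"'];

echo render_title_unsafe($query), "\n\n"; // <b> is interpreted as markup
echo render_title_safe($query), "\n";     // <b> is shown as literal text
```

Encoding at the point of output covers the title and heading contexts shown here; a value written into an attribute, a URL or a script block needs the encoding appropriate to that context.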