lists.openwall.net: Open Source and information security mailing list archives
Message-Id: <200903112325.n2BNPfS7030023@www3.securityfocus.com>
Date: Wed, 11 Mar 2009 17:25:41 -0600
From: larry@...gica.com
To: bugtraq@...urityfocus.com
Subject: Trellis Desk v1.0 XSS Vulnerability

This problem has been reported to the author, but no action has been taken to resolve the issue.

The search box does not sanitise data and is open to simple XSS SQL injection.

File: sources/article.php
Find, around line 519:

    $searchstring = $this->ifthd->input['keywords'];

Needs to have the following line added after it:

    $searchstring = mysql_real_escape_string( $searchstring );
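The pattern the advisory describes, shown as an added example (not Trellis Desk code and not the poster's patch): the unsanitised keyword flowing into both a SQL statement and an HTML response, next to a hardened version that parameterises the query and escapes on output. The query shape, the `articles` table, and the `$db`/`$input` variables are assumptions for illustration.

```php
<?php
// Added example, not Trellis Desk code. Table name, query shape and the
// $db / $input variables are assumptions; the advisory only names the
// $searchstring = $this->ifthd->input['keywords'] line in sources/article.php.

// --- Vulnerable: keyword interpolated into SQL and echoed back unescaped ---
function search_articles_unsafe(mysqli $db, array $input): string
{
    $searchstring = $input['keywords'];                       // untrusted, unsanitised
    $sql  = "SELECT id, title FROM articles WHERE title LIKE '%$searchstring%'"; // SQLi sink
    $html = "<p>Results for: $searchstring</p>";              // reflected XSS sink
    $rows = $db->query($sql);
    while ($row = $rows->fetch_assoc()) {
        $html .= "<li>{$row['title']}</li>";                  // stored data also unescaped
    }
    return $html;
}

// --- Hardened: bound parameter for SQL, context-aware escaping for HTML ---
function search_articles_safe(mysqli $db, array $input): string
{
    $searchstring = (string)($input['keywords'] ?? '');

    // The SQL text never contains user input; the keyword is bound as data.
    // LIKE wildcards in the user's input are escaped so they match literally.
    $pattern = '%' . addcslashes($searchstring, '%_\\') . '%';
    $stmt = $db->prepare("SELECT id, title FROM articles WHERE title LIKE ?");
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $result = $stmt->get_result();

    // Escape at output time for the HTML-body context (covers the XSS half).
    $esc  = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $html = '<p>Results for: ' . $esc($searchstring) . '</p>';
    while ($row = $result->fetch_assoc()) {
        $html .= '<li>' . $esc($row['title']) . '</li>';
    }
    return $html;
}
```

Escaping the input once at the top of the file protects only the SQL sink; the HTML sink still needs escaping at the point of output, which is why the hardened version handles the two separately.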