Bug #5453

HTML Injection via comment/short description fields

Added by Timothy Zingelman over 5 years ago.

Status: New
Priority: Low
Assignee: -
Start date: 02/15/2014
Due date:
% Done: 0%
Estimated time:
Duration:

Description

We discussed this at a meeting. It is possible to insert HTML code into the comment and short description fields which then gets interpreted on the MISCOMP web forms.
I think simply changing every double-quote (") to a single-quote (') might 'fix' the issue.
This is LOW priority, as I just discovered that the existing MISCOMP web forms have the same problem!
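
A check a maintainer could run when evaluating the proposed quote replacement against output encoding. This is an added example, not code from MISCOMP or from the ticket; the form template, the function names and the sample values are assumptions, since the ticket does not show the actual markup.

```python
import html
from html.parser import HTMLParser

# Hypothetical template: the ticket does not show the MISCOMP form markup.
FORM = ('<form><input name="short_desc" value="{short}">'
        '<p class="comment">{comment}</p></form>')

class Shape(HTMLParser):
    """Record every start tag together with its attribute names."""
    def __init__(self):
        super().__init__()
        self.shape = []

    def handle_starttag(self, tag, attrs):
        self.shape.append((tag, tuple(sorted(name for name, _ in attrs))))

def shape_of(markup):
    parser = Shape()
    parser.feed(markup)
    parser.close()
    return parser.shape

def render(encode, short, comment):
    return FORM.format(short=encode(short), comment=encode(comment))

def raw(s):          # current behaviour described in the ticket
    return s

def quote_swap(s):   # the replacement proposed in the ticket
    return s.replace('"', "'")

def escape(s):       # HTML output encoding for text and quoted attributes
    return html.escape(s, quote=True)

BASELINE = shape_of(render(raw, "ok", "ok"))

def changes_markup(encode, short, comment):
    """True if the stored values add tags or attributes to the form."""
    return shape_of(render(encode, short, comment)) != BASELINE

# Constructed, harmless samples: one for the attribute, one for the text node.
ATTR_SAMPLE = 'x" disabled="'
TEXT_SAMPLE = '<b>note</b>'

def report():
    """Map encoder name -> (attribute context changed, text context changed)."""
    return {enc.__name__: (changes_markup(enc, ATTR_SAMPLE, "ok"),
                           changes_markup(enc, "ok", TEXT_SAMPLE))
            for enc in (raw, quote_swap, escape)}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

Under these assumptions the quote replacement keeps a value inside a double-quoted attribute but leaves tags in a text node untouched, while encoding on output leaves the form structure unchanged in both places.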


