Skip to content
Snippets Groups Projects
Commit f23f9594 authored by Andreas Gohr's avatar Andreas Gohr
Browse files

SECURITY escape user properties in user manager #1081 

The user properties (login, real name, etc) where not properly escaped
in the user manager's edit form. This allowed a XSS attack on the
superuser by registered users.

Thanks to Filippo Cavallarin from www.segment.technology for discovering
this bug.
parent 6abea1c0
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment