Andreas Gohr
authored
The plugin manager echos raw URLs in error messages, this could allow to construct an XSS attack. However the affected form is CSRF protected, so an attacker would require another XSS vulnerability to get the needed token, rendering this attack unneeded. So this should not be exploitable.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
| Name | Last commit | Last update |
|---|---|---|
| .. | ||
| acl | ||
| authad | ||
| authldap | ||
| authmysql | ||
| authpgsql | ||
| authplain | ||
| config | ||
| info | ||
| plugin | ||
| popularity | ||
| revert | ||
| safefnrecode | ||
| testing | ||
| usermanager | ||
| action.php | ||
| admin.php | ||
| auth.php | ||
| index.html | ||
| remote.php | ||
| syntax.php | ||