Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Collin 42 posts 62 karma points
    Nov 11, 2011 @ 15:48
    Collin
    0

    XSS scripting potential

    If you save the following string "<script>alert("Booh!")</script>" in the field "name" of a document in the properties tab. This script will be executed every time the document is displayed in the content navigation tree (umbraco 4.7.0).

    This can be used to compromise logins of cms users if an hacker manages to get this stored in the database (please note that packages or custom components have access to this field and can present a potential entry point for a hacker).

    When could this be solved? And might there a simple solution available that we can use to patch this with?

Please Sign in or register to post replies

Write your reply to:

Draft