[pmwiki-devel] PITS/01030

Petko Yotov 5ko at 5ko.fr
Wed Jun 25 17:56:22 CDT 2008


On Wednesday 25 June 2008 16:12:35 Greg T. Grimes wrote:
> I am fairly new to PmWiki development and bug tracking.  Can someone
> explain the process of getting this bug fixed?  I see someone "voted" a 5
> for it, does this mean the person agrees?  Again, I'm new and just
> wondering.  Thank you.

Hello,

I am copying my question to the list:

How could the current $_SERVER['REQUEST_URI'] variable possibly be a serious
cross-site scripting vulnerability for anyone other than the browser which is
calling the login form with an invalid URL (non-stripped tags...)? What
client-side code exactly could be executed?

Feel free to demonstrate the vulnerability on my wiki which is located at 
http://galleries.accent.bg/Cookbook .

Thanks a lot.
Petko


