[pmwiki-users] Fix for cross-site scripting (XSS) in wikitrail links

Patrick R. Michaud pmichaud at pobox.com
Tue Apr 4 07:53:48 CDT 2006


On Tue, Apr 04, 2006 at 02:11:03AM +0000, ljb wrote:
> 
> Using pmwiki-2.1.5:
> 
> The displayed text for links to previous and next pages in a wikitrail 
> are not being escaped when sent to the browser. This lets you insert
> arbitrary HTML and scripts on a wiki page.

Now fixed for 2.1.6, thanks!

Pm




More information about the pmwiki-users mailing list