Defect #13069

XSS with images

Added by Vlad Sychov almost 5 years ago. Updated almost 5 years ago.

Status: Closed
Start date:
Priority: High
Due date:
Assignee: -
% Done: 0%
Category: Accounts / authentication
Target version: -
Resolution: Duplicate
Affected version:

Description

If you write an image source address like this: http://www.redmine.org/logout, then after the image loads the user will sign out.
Sorry for my bad English.
Example: !http://www.redmine.org/logout?a.gif!


Related issues

Duplicates Redmine - Defect #13022: Image pointing towards /logout signs out user Closed

History

#1 Updated by Etienne Massip almost 5 years ago

  • Description updated (diff)
  • Status changed from New to Closed
  • Resolution set to Duplicate

Dupe of #13022 (and not XSS).

Thanks anyway!
