Project

General

Profile

Actions

Defect #13069

closed

XSS with images

Added by Vlad Sychov about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:

Description

If you write in image source address like this: http://www.redmine.org/logout then after image loading user will sigh out.
Sorry for my bad English.
Example: !http://www.redmine.org/logout?a.gif!


Related issues

Is duplicate of Redmine - Defect #13022: Image pointing towards /logout signs out userClosedJean-Philippe Lang

Actions
Actions #1

Updated by Etienne Massip about 11 years ago

  • Description updated (diff)
  • Status changed from New to Closed
  • Resolution set to Duplicate

Dupe of #13022 (and not XSS).

Thanks anyway!

Actions

Also available in: Atom PDF