Code

Opened 7 years ago

Closed 7 years ago

#4631 closed (invalid)

XSS in admin panel Filter block

Reported by: Piotr Maliński <riklaunim@…> Owned by: adrian
Component: contrib.admin Version: 0.96
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

search by date (list_filter) option for models in the admin panel (Filter right side block) has a bug that allows XSS through search (search_fields).
Search for:

sss"><textarea>

and the links for date filtering will be broken with a textarea

Attachments (0)

Change History (1)

comment:1 Changed 7 years ago by Simon G. <dev@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

Hmm.. I'm unable to repeat this - I'm hoping it's been fixed in the meantime. Can you check if this is still a problem?

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.