id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
2256	XSS vulnerabilities in mapserv CGI	dmorissette	dmorissette	"Chris Schmidt has reported a XSS vulnerability in the mapserv CGI and provided a patch for it. 

Another possible (but harder to exploit) XSS vulnerability has also been found in the template processing code.

This bug is to track the fix of those two vulnerabilities. The fixes will be released in MapServer 4.10.3 and 5.0.0-beta5. Older releases are also vulnerable (not sure how far back) but we won't produce new releases for them, instead instructions to patch the source will be provided in this ticket.

Users of MapServer are strongly advised to upgrade to the latest release as soon as it's available."	defect	closed	normal	5.0 release	MapServer C Library	svn-trunk (development)	normal	fixed