Opened 17 years ago
Last modified 17 years ago
#2256 closed defect
XSS vulnerabilities in mapserv CGI — at Initial Version
| Reported by: | dmorissette | Owned by: | dmorissette |
|---|---|---|---|
| Priority: | normal | Milestone: | 5.0 release |
| Component: | MapServer C Library | Version: | svn-trunk (development) |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Chris Schmidt has reported a XSS vulnerability in the mapserv CGI and provided a patch for it.
Another possible (but harder to exploit) XSS vulnerability has also been found in the template processing code.
This bug is to track the fix of those two vulnerabilities. The fixes will be released in MapServer 4.10.3 and 5.0.0-beta3.
Users of MapServer are strongly advised to upgrade to the latest releases as soon as they are available.
Note:
See TracTickets
for help on using tickets.
