Page MenuHomePhabricator

Reports are vulnerable to code injection
Open, HighPublic

Description

If registry values contain f.ex. HTML code, this will be interpreted by report viewer.
Needs implementation of proper string parsing in report module.

Event Timeline

gida claimed this task.
gida raised the priority of this task from to High.
gida updated the task description. (Show Details)
gida added a project: fred.
gida changed the visibility from "All Users" to "Public (No Login Required)".
gida changed the edit policy from "All Users" to "Administrators".