Page MenuHomePhabricator

Reports are vulnerable to code injection
Open, HighPublic

Description

If registry values contain f.ex. HTML code, this will be interpreted by report viewer.
Needs implementation of proper string parsing in report module.

Event Timeline

gida created this task.Jan 15 2015, 6:09 PM
gida updated the task description. (Show Details)
gida raised the priority of this task from to High.
gida claimed this task.
gida added a project: fred.
gida changed the visibility from "All Users" to "Public (No Login Required)".
gida changed the edit policy from "All Users" to "Administrators".