s3 swat: Fix possible XSS attack (bug #8289)
author Kai Blin <kai@samba.org>
Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)
committer Karolin Seeger <kseeger@samba.org>
Sun, 24 Jul 2011 19:25:46 +0000 (21:25 +0200)
commit 05fa09be5a801baa5d35014e2f54b46c1ff5466b
tree cd044abce1c5f2967cfb2543b3c3e94822245170
parent 315437d3d5a503b2d17c8a01f0e2c088febb041a
s3 swat: Fix possible XSS attack (bug #8289)

Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>
source3/web/swat.c