http://bugs.winehq.org/show_bug.cgi?id=9754
Summary: Possible XSS exploit possibility
Product: WineHQ Apps Database
Version: unspecified
Platform: Other
URL: http://appdb.winehq.org/objectManager.php?bIsQueue=false&bIsRejected=false&sClass=application&iId=1369&sAction=showMoveChildren&sTitle=Could%20this%20be%20exploited?
OS/Version: other
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: website-bugs
AssignedTo: wine-bugs@winehq.org
ReportedBy: marco@harddisk.is-a-geek.org
While surfing the AppDB entry for GTA Vice City (http://appdb.winehq.org/objectManager.php?sClass=application&iId=1369), I found a link at the bottom of the page stating "Move child objects". I clicked on it and found out that the URL contains a parameter sTitle, which apparently sets the page title and can be set to any text I think of.
Good news is that obvious JavaScript does not work, but I think it'd be easy for a pro to develop a working XSS exploit.
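The bug class the report describes is a request parameter (sTitle) reflected into the page title without output encoding. As an added illustration that is not AppDB code (AppDB itself is PHP; Python is used here), the block below shows the unsafe reflection beside the entity-encoded form, and a simple access-log check that flags sTitle values carrying HTML metacharacters. The log format, the function names and the sample lines are assumptions constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Characters that must never reach an HTML context unencoded.
_HTML_META = set('<>"\'&')


def render_title_unsafe(s_title: str) -> str:
    """Reflect the sTitle parameter verbatim: the pattern the report describes."""
    return f"<title>{s_title}</title>"


def render_title_safe(s_title: str) -> str:
    """Entity-encode the parameter (including quotes) before it lands in the title."""
    return f"<title>{html.escape(s_title, quote=True)}</title>"


def suspicious_titles(access_log: str) -> list:
    """Return sTitle values from an access log that contain HTML metacharacters.

    Assumes 'combined'-style lines whose request field reads
    '"GET /path?query HTTP/1.1"'. Constructed heuristic, not a WineHQ tool.
    """
    hits = []
    for line in access_log.splitlines():
        try:
            request = line.split('"')[1]   # e.g. GET /objectManager.php?... HTTP/1.1
            path = request.split()[1]
        except IndexError:
            continue                        # malformed line, skip it
        query = parse_qs(urlsplit(path).query)  # percent-decodes the values
        for value in query.get("sTitle", []):
            if _HTML_META & set(value):
                hits.append(value)
    return hits


# Constructed sample log lines (not real WineHQ traffic); the second request
# carries markup in sTitle, the first carries only plain text.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2007:10:00:00 +0000] "GET /objectManager.php?sClass=application&iId=1369&sAction=showMoveChildren&sTitle=Could%20this%20be%20exploited? HTTP/1.1" 200 4211
203.0.113.5 - - [01/Sep/2007:10:00:05 +0000] "GET /objectManager.php?sClass=application&iId=1369&sAction=showMoveChildren&sTitle=%3Ci%3EVice%20City%3C/i%3E HTTP/1.1" 200 4220
"""

if __name__ == "__main__":
    for title in suspicious_titles(SAMPLE_LOG):
        print("unsafe:", render_title_unsafe(title))
        print("safe:  ", render_title_safe(title))
```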