mirror of https://github.com/transmission/transmission synced 2025-03-20 18:55:32 +00:00
transmission/web
Mike Gelfand 523d8c1317 Tracker error XSS in inspector (web client)
Tracker error messages are inadequately output encoded when rendered by the
tracker information page inside the WebUI, allowing a malicious tracker to
inject an XSS payload into the page. Exploiting this issue allows an
attacker to supply arbitrary client-side code that will ultimately be
rendered and executed within the end user's web browser.

Found by Rory McNamara (Gotham Digital Science). CVE pending.
2018-04-17 13:25:49 +03:00
..
images (trunk) slightly better image compression by passing them through pngwolf 2013-07-14 23:03:31 +00:00
javascript Tracker error XSS in inspector (web client) 2018-04-17 13:25:49 +03:00
style #4866: Replace existing menus with jQueryUI menu 2015-04-30 05:20:48 +00:00
index.html #4518: Mark appropriate fields in prefs as html5 number fields (patch by e-moe) 2015-10-08 18:54:43 +00:00
LICENSE initial import of the clutch-rpc branch 2008-07-10 23:40:28 +00:00
Makefile.am (trunk web) #4548 "non-local stylesheets and js" -- bundle jqueryui's css and accompanying images so that we don't have to rely on a third-party CDN. 2011-10-14 22:24:23 +00:00