mirror of
https://github.com/transmission/transmission
synced 2025-03-20 18:55:32 +00:00
Tracker error messages are inadequately output encoded when rendered by the tracker information page inside the WebUI, allowing a malicious tracker to inject an XSS payload into the page. Esploiting this issue allows an attacker to supply arbitrary client-side code that will ultimately be rendered and executed within the end user's web browser. Found by Rory McNamara (Gotham Digital Science). CVE pending. |
||
---|---|---|
.. | ||
images | ||
javascript | ||
style | ||
index.html | ||
LICENSE | ||
Makefile.am |