New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PCI Compliance Issues #2

Open

bradhurley opened this issue Aug 1, 2015 · 1 comment

Labels

bug

Milestone

bradhurley commented Aug 1, 2015

A PCI scan of my website identified injection attack issues with the Wiki module.

I did some testing and was able to execute some javascript code on a Wiki page in one of two ways:

By putting the script in the query string (i.e., wiki?topic=<script type="text/javascript">alert('hi');</script>
By putting the script in a Wiki comment

Are there any plans to resolve these issues?

Author

bradhurley commented Aug 1, 2015

(Irony) This wiki happened to strip out the script tag that I tried to include in my example above.

valadas added this to the 5.0.2 milestone

valadas added the bug label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment