| << Back to previous view |
|
[QB-3808] Next build version is not sanitizing user input, can execute potentially vulnerable arbitrary code
|
|
| Status: | Resolved |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 11.0.26 |
| Type: | Bug | Priority: | Major |
| Reporter: | Steve Luo | Assigned To: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
When next build version is a script like <script>alert("hello")</script>, it should be sanitized, otherwise, the script will be executed.
|