Ticket #19 (new defect)

Opened 4 years ago

Cross-site scripting vulnerability in confusables.jsp

Reported by: rick Owned by: mark
Component: webutils

Description

was CldrBug:8398

Someone reported to us via the contact form:

A Cross-Site Scripting (XSS) vulnerability was reported on your website: https://www.xssposed.org/incidents/55700/

The specific URL reported is:

http://unicode.org/cldr/utility/confusables.jsp?a="><svg/onload=alert( /xssposed/)>\&r=None

(I don't know a fix or have any further info on this.)

Note: See TracTickets for help on using tickets.