• Dave Cridland's avatar
    OF-836 CVE-2015-6972 MUC service description · 340f0fc9
    Dave Cridland authored
    The mucdesc parameter of muc-service-edit-form.jsp was reflected unescaped in
    the summary view at muc-service-summary.jsp
    
    This was reported by Florian Nivette of Sysdream.
    
    Fixed by escaping on output within muc-service-summary.jsp.
    
    In addition, domain validation was added on input.
    340f0fc9
muc-service-edit-form.jsp 7.31 KB