• Dave Cridland's avatar
    OF-836 CVE-2015-6972 MUC service description · 340f0fc9
    Dave Cridland authored
    The mucdesc parameter of muc-service-edit-form.jsp was reflected unescaped in
    the summary view at muc-service-summary.jsp
    
    This was reported by Florian Nivette of Sysdream.
    
    Fixed by escaping on output within muc-service-summary.jsp.
    
    In addition, domain validation was added on input.
    340f0fc9
Name
Last commit
Last update
..
bin Loading commit data...
conf Loading commit data...
database Loading commit data...
i18n Loading commit data...
java Loading commit data...
javadoc/jdk15 Loading commit data...
plugins Loading commit data...
resources Loading commit data...
security Loading commit data...
spank Loading commit data...
test Loading commit data...
tools/anttask/org/jivesoftware/ant Loading commit data...
web Loading commit data...