possible xss in login screen

Hello,

there is a fix for an xss in the gosa code, mayber we are affected too

http://anonscm.debian.org/cgit/debian-edu/pkg-team/gosa.git/commit/?id=e8a1651380fee4de005750487e926c2971b86290

debian/patches: Add 0003_xss-vulnerability-on-login-screen.patch. Escape html entities to fix xss at the login screen. (Closes: #753388).

Cheers

(from redmine: issue id 3316, created on 2014-09-02, closed on 2014-09-22)

• Changesets:
  • Revision 13ecbb25 by Côme Chilliet on 2014-09-15T12:35:52.000Z:

Fixes: #3316 possible xss in login screen

• Revision 88e9c859 by Côme Chilliet on 2014-09-15T12:36:08.000Z:

Fixes: #3316 possible xss in login screen

• Custom Fields:
  • Bug in version: 1.0.8.1
• Uploads:
  • 0001-Fixes-3316-possible-xss-in-login-screen.patch

Hello,

applied to 1.0.8.2-fixes and develop

Cheers

(from redmine: written on 2014-09-15)

By bmortier on 2017-09-02T15:13:05 (imported from GitLab)

Test to create an user with "

bug

" uid and it give an error. It is good.

Selenium test is add too.

Close issue

(from redmine: written on 2014-09-22)

By Jonathan Swaelens on 2017-09-02T15:13:05 (imported from GitLab)

closed

By Jonathan Swaelens on 2017-09-02T15:13:06 (imported from GitLab)

added Security label

By bmortier on 2018-10-09T17:00:21 (imported from GitLab)

added fusiondirectory-core label

By bmortier on 2018-10-09T17:00:27 (imported from GitLab)

mentioned in issue fusiondirectory-security/security#1

By bmortier on 2020-04-14T16:17:18 (imported from GitLab)

removed Bugs label

added FSA-0007 label

added FSA-0006 label and removed FSA-0007 label