• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6582: Sanitize URL parameters - CVE-2010-3841

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal Closed   patch 5.0.1

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


Proposal to review and fix URL parameters for allowed characters. For example, the rev parameter should only allow integers.

-- TWiki:Main/PeterThoeny - 2010-09-26

This was in response to TWiki:Codev/SecurityAlert-CVE-2010-3841 - XSS Vulnerability with rev parameter & login script

Closed, scheduled for 5.0.1 release.

-- TWiki:Main.PeterThoeny - 2010-10-03

Patches for previous releases are posted at TWiki:Codev/SecurityAlert-CVE-2010-3841.

-- TWiki:Main.PeterThoeny - 2010-10-18

Summary Sanitize URL parameters - CVE-2010-3841
ReportedBy TWiki:Main.PeterThoeny
Codebase 5.0.0, ~twiki4
SVN Range TWiki-5.0.0, Sun, 12 Sep 2010, build 19445
AppliesTo Engine

Priority Normal
CurrentState Closed

Checkins TWikirev:19505 TWikirev:19506 TWikirev:19507 TWikirev:19508
TargetRelease patch
ReleasedIn 5.0.1
Edit | Attach | Watch | Print version | History: r8 < r7 < r6 < r5 < r4 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r8 - 2010-10-18 - PeterThoeny
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback