[PHPBB3-9903] Execute javascript in [flash=] BBCode - phpBB Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.0.7-PL1, 3.0.8-RC1
Fix Version/s: 3.0.8
Component/s: Posting
Labels:
None

Fix URL:
https://github.com/phpbb/phpbb3/commit/2831a3a9a97c1ee8b714c8034c64379eff90faa0

Description

You can execute javascript by posting it into the flash-bbcode.
Example:

[flash=1,1]javascript:alert(/Guess what?/);[/flash]

For more details see:

https://forum.antichat.ru/showpost.php?p=1775767

Attachments

Activity

People

Assignee:

Nils Adermann

Reporter:

Joas Schilling [X] (Inactive)

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

15/Nov/10 9:38 PM

Updated:

15/Apr/12 1:24 PM

Resolved:

05/Apr/12 2:32 PM