Opened 7 years ago

Closed 7 years ago

#3034 closed defect (fixed)

XSS vulnerability in ffserver

Reported by: tborisow Owned by:
Priority: normal Component: ffserver
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no


Summary of the bug:
How to reproduce:

% curl 'http://myserver/1ssssssss<h1 >'


<head><title>404 Not Found</title></head>
<body>File '/1ssssssss<h1>' not found</body>

Special HTML characters needs to be escaped

More about XSS:

Change History (1)

comment:1 Changed 7 years ago by michael

  • Reproduced by developer set
  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.