Opened 10 years ago

Closed 10 years ago

#3034 closed defect (fixed)

XSS vulnerability in ffserver

Reported by: Anatoliy Owned by:
Priority: normal Component: ffserver
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no


Summary of the bug:
How to reproduce:

% curl 'http://myserver/1ssssssss<h1 >'


<head><title>404 Not Found</title></head>
<body>File '/1ssssssss<h1>' not found</body>

Special HTML characters needs to be escaped

More about XSS:

Change History (1)

comment:1 by Michael Niedermayer, 10 years ago

Reproduced by developer: set
Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.