Page History

Versions Compared

Old Version 1

changes.mady.by.user Les Cottrell

Saved on Jun 20, 2018

compared with

New Version Current

changes.mady.by.user Les Cottrell

Saved on Jun 20, 2018

Key

This line was added.
This line was removed.
Formatting was changed.

...

XSS vulnerability against the format parameter in the QUERY_STRING.

Fixed by not reflecting the input from the format parameter.

XSS vulnerability against the rawdata parameter in the QUERY_STRING.

Fixed by using &valid_ip to validate parameter is a valid IP name or a valid IPv4 or IPv6 address and exiting if not.

XSS vulnerability against http://www-iepm.slac.stanford.edu/cgi-bin/connectivity.pl/%27%20onmouseover%3D%27alert%289%29%3B%27.

Fixed by not responding with $ENV{SCRIPT_URI} bur rather http://www-iepm.slac.stanford.edu/cgi-wrap/connectivity.pl