#27 new

Possible [minor] injection risk

Reported by Reza | November 17th, 2008 @ 01:09 AM

The default generator adds a flash[:error] with unescaped params[:login] to the session controller. One can simply inject arbitrary JavaScript code into the login box.
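The behaviour described in this ticket, as an added example that is not part of the original report or the plugin's own code: a submitted login is copied into the flash and then printed by a view that does not escape it, next to the same view with the value escaped at output. The message wording, the view markup and the names `failed_login_flash`, `render_flash`, `RAW_VIEW` and `ESCAPED_VIEW` are assumptions; plain ERB from the Ruby standard library stands in for a Rails view here.

```ruby
require 'erb'

# Constructed stand-ins for the layout line that prints the flash.
# Plain ERB does not escape <%= %> output on its own, so the first
# template emits whatever string the controller stored.
RAW_VIEW     = ERB.new('<div class="error"><%= flash[:error] %></div>')
ESCAPED_VIEW = ERB.new(
  '<div class="error"><%= ERB::Util.html_escape(flash[:error]) %></div>'
)

# Hypothetical failed-login handler: interpolates the submitted login
# into the flash message without escaping it (the pattern in the ticket).
def failed_login_flash(params)
  { error: "Couldn't log you in as '#{params[:login]}'" }
end

# Render a template with `flash` visible as a local, as a view would see it.
def render_flash(view, flash)
  view.result(binding)
end

# Constructed sample inputs: an ordinary login and one containing markup.
BENIGN_LOGIN = 'reza'
MARKUP_LOGIN = '<script>alert(1)</script>'

if __FILE__ == $PROGRAM_NAME
  [BENIGN_LOGIN, MARKUP_LOGIN].each do |login|
    flash = failed_login_flash({ login: login })
    puts "login:   #{login}"
    puts "raw:     #{render_flash(RAW_VIEW, flash)}"
    puts "escaped: #{render_flash(ESCAPED_VIEW, flash)}"
    puts
  end
end
```

Escaping at output covers every flash message the application sets, while escaping only where this one message is built leaves other interpolated values unprotected.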


Restful Authentication Generator

This widely-used plugin provides a foundation for securely managing user
* Login / logout
* Secure password handling
* Account activation by validating email
* Account approval / disabling by admin
* Rudimentary hooks for authorization and access control.

