1. 30 Apr, 2015 1 commit
  2. 21 Apr, 2015 1 commit
  3. 13 Apr, 2015 1 commit
  4. 05 Feb, 2015 1 commit
  5. 22 Apr, 2014 1 commit
  6. 14 Oct, 2013 1 commit
  7. 18 Mar, 2013 1 commit
    • Hugh Davenport's avatar
      Fix stored XSS in TinyMCE editor (Bug #1153423) · 37172529
      Hugh Davenport authored
      
      
      This patch fixes a stored XSS in the TinyMCE editor, which could be
      reproduced where the editor was present. The input was stored which
      meant that any future collaborators could be affected by any malicious
      payload in the XSS.
      
      The patch works by escaping the defaultvalue of the wsyiwyg form
      element, which is the value stored the database.
      
      CVE 2013-1426
      
      Change-Id: Iecf5f1e520e6499db5a0f78493ce119a352b6a91
      Signed-off-by: Aaron Wells's avatarAaron Wells <aaronw@catalyst.net.nz>
      37172529
  8. 04 Sep, 2012 1 commit
  9. 13 May, 2011 1 commit
  10. 13 Apr, 2011 1 commit
  11. 21 Jul, 2010 1 commit
  12. 06 Jul, 2010 1 commit
  13. 23 Apr, 2010 1 commit
  14. 22 Apr, 2010 1 commit
  15. 15 Feb, 2010 2 commits
  16. 03 Nov, 2009 1 commit
  17. 15 Sep, 2009 1 commit
  18. 24 Mar, 2009 1 commit
  19. 11 Nov, 2008 1 commit
  20. 16 Feb, 2008 2 commits
  21. 29 Jan, 2008 2 commits
  22. 04 Dec, 2007 1 commit
  23. 17 Aug, 2007 1 commit
  24. 06 Mar, 2007 1 commit
  25. 11 Feb, 2007 1 commit
  26. 18 Jan, 2007 1 commit
  27. 17 Jan, 2007 1 commit
  28. 16 Jan, 2007 1 commit
  29. 08 Jan, 2007 1 commit
  30. 07 Jan, 2007 1 commit
  31. 09 Dec, 2006 1 commit
  32. 08 Dec, 2006 1 commit
  33. 07 Dec, 2006 1 commit
  34. 20 Nov, 2006 1 commit
  35. 13 Nov, 2006 1 commit
  36. 07 Nov, 2006 1 commit
  37. 31 Oct, 2006 1 commit