RhinoTrac

LassoSoft Ticket Tracking System

NOTE: If you are using Lasso Server 9.3 please Log your ticket directly via the LUX admin as this will give us more information about your issue.

Lasso 9 Issues

Ticket #8001: RhinoTrac does not encode html code properly

Reported by:

Jolle Carlestam

Date:

14 Jan, 2016

Priority:

major

Component:

Lasso 9

Version:

Keywords:

Platform:

Issue Report from Jolle Carlestam (jolle@carlestam.com)
Company: Kulturfaktorn

Component: Lasso 9 Server
Version: 9.3.1
Source IP: 81.234.192.155

Detail
======
Adding html as part of the detailed description to a Rhinotrac ticket is not properly encoded when viewed in a browser.
This is a security issue as demonstrated by Bil Corry at the latest LDC.

For example:
<script>
alert("Ooops")
</script>

Please log in to your LassoSoft account to comment

3 Internal Server Error

An error has occurred. The error has been logged and the system administrator has been notified.

You may go back and try again now, or, if the error persists, try again later. We apologize for the inconvenience.

Error Information

Error Code: 3

Error writing file '/tmp/MYt4Zdk1' (Errcode: 28)

Error reported by:

/skins/lassosoft/inner-2c.lasso

Your Cart

LassoSoft >

LassoDocs >

LassoTalk >

RhinoTrac

LassoSoft Ticket Tracking System

Lasso 9 Issues

Ticket #8001: RhinoTrac does not encode html code properly

Latest Method or Type

View Types and Methods

3 Internal Server Error

Error Information

LassoSoft Inc. > Home