[FFmpeg-trac] #3034(FFserver:new): XSS vulnerability in ffserver

FFmpeg trac at avcodec.org
Tue Oct 8 09:58:56 CEST 2013

#3034: XSS vulnerability in ffserver
             Reporter:  tborisow  |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  FFserver  |                  Version:  git-master
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
 Summary of the bug:
 How to reproduce:
 % curl 'http://myserver/1ssssssss<h1 >'

 <head><title>404 Not Found</title></head>
 <body>File '/1ssssssss<h1>' not found</body>

 Special HTML characters needs to be escaped

 More about XSS:


Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/3034>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list