[solved] XSS Vulnerability in "Preview Post" feature of the forum
Writing a post here and then clicking on "Preview Post" can lead to an XSS vulnerability: I can inject tags using the "less than" and "greater than" HTML entities - these are not escaped in the preview.
<b>Hello Bold!</b>
Another test: <blink>Testing....</blink> (if your browser supports blink tags)
<iframe width="400" height="200" src="http://www.google.com/"></iframe>
Edit: It turns out the vulnerability even works when displaying the forum.
Bug report: http://bugreports.qt.nokia.com/browse/QTWEBSITE-113
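The behaviour reported above, as an added example that is not part of the original post and is not the forum's own code: a constructed preview renderer that filters raw tags before decoding entities lets entity-encoded tags through as markup, while escaping the whole post at output time (with `&` first) keeps them as visible text. The cause of the forum's bug is not stated in the post, so `previewFlawed` is one assumed way it can arise; all function names and the sample inputs are hypothetical.

```javascript
// Added example: constructed renderers, not the forum's actual code.

const ENTITY_MAP = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };

// Decode the basic entities once, as a "normalising" step might.
function decodeEntities(s) {
  return s.replace(/&(?:lt|gt|quot|#39|amp);/g, (m) => ENTITY_MAP[m]);
}

// Hypothetical flawed preview: strips raw tags first, then decodes entities.
// Entity-encoded tags pass the filter untouched and become markup afterwards.
function previewFlawed(input) {
  const filtered = input.replace(/<[^>]*>/g, '');
  return decodeEntities(filtered);
}

// Hardened preview: treat the whole post as text and escape at output time.
// "&" is escaped first, so "&lt;" is emitted as "&amp;lt;" and stays visible text.
function previewSafe(input) {
  return input
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Regression check: does the rendered output contain an element start or end tag?
function hasLiveTag(html) {
  return /<\/?[a-zA-Z][^>]*>/.test(html);
}

// Constructed inputs: the post's three samples, typed with entities.
const SAMPLES = [
  '&lt;b&gt;Hello Bold!&lt;/b&gt;',
  '&lt;blink&gt;Testing....&lt;/blink&gt;',
  '&lt;iframe width="400" height="200" src="http://www.google.com/"&gt;&lt;/iframe&gt;',
];

// Returns one boolean per sample: true means the renderer emitted live markup.
function auditPreview(render) {
  return SAMPLES.map((s) => hasLiveTag(render(s)));
}

console.log('flawed:', auditPreview(previewFlawed)); // [ true, true, true ]
console.log('safe:  ', auditPreview(previewSafe));   // [ false, false, false ]
```

The same `auditPreview` check can be pointed at any renderer used for both the preview and the normal thread view, since the post reports that both paths were affected.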