Fwd: BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation' - Mailing list pgsql-bugs
Hi Andres,
My application uses PostgreSQL 9.6.2:
When we try inputing to my application as the below:
The result:
=> That is WordPress < 4.1.2 Stored XSS vulnerability.
As far as I know, this error is fixed by using MySQL's strict mode. For PostgreSQL, can there be any other way?
We appreciate your help in this matter and look forward to hearing from you soon.
Thanks,
Thu Luu
On Thu, Jan 4, 2018 at 11:22 AM, Andres Freund <andres@anarazel.de> wrote:
On 2018-01-04 04:19:19 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 14998
> Logged by: Thu Luu
> Email address: ltthu2810@gmail.com
> PostgreSQL version: 9.6.2
> Operating system: CentOs 6.x
> Description:
>
> My application uses the Postgresql 9.6.2. But, when I use the tool to scan
> the vulnerabilities. There are some errors related to DB: 'MYSQL utf8 4-byte
> truncation'.
> Refer:
> https://www.acunetix.com/vulnerabilities/web/mysql-utf8-4-by te-truncation
Postgres is not mysql, and to my knowledge does not suffer from an
equivalent vulnerability. So this more looks like a weakness in your
scanning tool.
Greetings,
Andres Freund
Attachment
pgsql-bugs by date: