Re: XSS vulnerability on bugs.debian.org
On Mon, 12 Nov 2007, Don Armstrong wrote:
> On Tue, 13 Nov 2007, T-Ping T-Ping wrote:
> > I saw that someone named Fugitif had found an XSS vulnerability on
> > bugs.debian.org that is still unpatched.
> > Here is an example XSS for this bug:
> > http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg="><script>alert("XSS")</script>
>
> Ah; one of them slipped through. I'll deal with this shortly.
This is resolved now.
Don Armstrong
--
[T]he question of whether Machines Can Think, [...] is about as
relevant as the question of whether Submarines Can Swim.
-- Edsger W. Dijkstra "The threats to computing science"
http://www.donarmstrong.com http://rzlab.ucr.edu