XSS vulnerability in debian.org
Hello,
My name is David Shaw, and I am a security engineer with Redspin, Inc.
While browsing debian.org today, I noticed that some of the fields were not correctly sanitized, leading to a cross-site scripting vulnerability.
The URL to verify this vulnerability (with an XSS popup) is:
http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=%27%27;exclude=subject%3A%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E
If this was not the correct email address to send this, I apologize and would like to request the correct address.
Thank you,
David Shaw
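
Added example, not part of the original message and not Debian's code: it decodes the reported URL and contrasts echoing the `exclude` value raw with HTML-escaping it on output. The `TEMPLATE` markup and the helper names are assumptions made for illustration; the report does not show how pkgreport.cgi renders the field.

```python
import html
from urllib.parse import urlsplit, unquote

# URL quoted in the report above.
REPORTED_URL = (
    "http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=%27%27;"
    "exclude=subject%3A%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E"
)


def parse_params(url):
    """Split the query on ';' (the separator this URL uses) and percent-decode."""
    params = {}
    for pair in urlsplit(url).query.split(";"):
        name, _, value = pair.partition("=")
        params[unquote(name)] = unquote(value)
    return params


# Assumed template: an attribute context, which the leading '">' in the
# decoded value suggests. The real page markup is not given in the report.
TEMPLATE = '<input type="text" name="exclude" value="{}">'


def render_unsafe(value):
    """Echo the parameter as-is (the behaviour the report describes)."""
    return TEMPLATE.format(value)


def render_escaped(value):
    """Encode &, <, >, double and single quotes before writing into the attribute."""
    return TEMPLATE.format(html.escape(value, quote=True))


def contains_raw_script_tag(markup):
    """True if the rendered markup carries an unencoded <script> start tag."""
    return "<script>" in markup.lower()


if __name__ == "__main__":
    value = parse_params(REPORTED_URL)["exclude"]
    print("decoded :", value)
    print("unsafe  :", render_unsafe(value))
    print("escaped :", render_escaped(value))
```
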