Re: XSS vulnerability in debian.org
On Wed, 06 Jan 2010, Holger Levsen wrote:
> owner@bugs.debian.org is the right address for such reports.
>
> On Mittwoch, 6. Januar 2010, David Shaw wrote:
> > While browsing debian.org today, I noticed that some of the fields
> > were not correctly sanitized, leading to a cross-site scripting
> > vulnerability.
> >
> > The URL to verify this vulnerability (with an XSS popup) is:
> >
> > http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=%27%27;exclude=subject%3A%
> >22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E
Thanks for the report; this has been fixed.
Don Armstrong
--
PowerPoint is symptomatic of a certain type of bureaucratic
environment: one typified by interminable presentations with lots of
fussy little bullet-points and flashy dissolves and soundtracks masked
into the background, to try to convince the audience that the goon
behind the computer has something significant to say.
-- Charles Stross _The Jennifer Morgue_ p33
http://www.donarmstrong.com http://rzlab.ucr.edu
Reply to: