Re: rapport Vulnerability on ur site

To: mohammed souaidi <mohammed.souaidi07@gmail.com>
Cc: debian-www@lists.debian.org
Subject: Re: rapport Vulnerability on ur site
From: Steve McIntyre <93sam@debian.org>
Date: Sat, 26 Mar 2016 22:21:21 +0000
Message-id: <[🔎] 20160326222121.GA12221@einval.com>
In-reply-to: <[🔎] CAP21_AG+Ahqrw61z+mzXRjYDrP-figEX82O9UXSTFA5mb90FYw@mail.gmail.com>
References: <[🔎] CAP21_AG+Ahqrw61z+mzXRjYDrP-figEX82O9UXSTFA5mb90FYw@mail.gmail.com>

On Sat, Mar 26, 2016 at 03:10:46PM +0000, mohammed souaidi wrote:
>hi i'm M0hamm33d white hat
>dear admin u have problem on
>
>POST DATA :"><ScRiPt >prompt(995041)</ScRiPt>
>
>just close "> and past any code u get Xss
>
>http://cdimage-search.debian.org/?search_area=release&type=simple&query=";><ScRiPt
>>prompt(995041)</ScRiPt>&Search=Search&.cgifields=search_area&.cgifields=type

Hi,

Thanks very much for your report - I've just applied a fix. Please let
us know if you find any more issues, it's really appreciated.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"Arguing that you don't care about the right to privacy because you have
 nothing to hide is no different than saying you don't care about free
 speech because you have nothing to say."
   -- Edward Snowden

Reply to:

References:
- rapport Vulnerability on ur site
  - From: mohammed souaidi <mohammed.souaidi07@gmail.com>

Prev by Date: Bug#789377: www.debian.org: update browsers section in content negotiation page (cn.wml)
Next by Date: some site use debian logo
Previous by thread: rapport Vulnerability on ur site
Next by thread: 2 - Rapport Vulnerability on ur site
Index(es):
- Date
- Thread