Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
Package: qa.debian.org
Severity: critical
Tags: security
Justification: root security hole
on http://qa.debian.org/developer.php it is possible to inject javascript and html tags:
http://qa.debian.org/developer.php?excuse=%3Cscript%20type=text/javascript%3Ealert(this)%3C/script%3E
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-bigbad
Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro (charmap=UTF-8)
Reply to: