Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php

To: "Frederik Reiss" <frederikreiss@gmx.de>, 346255@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
From: "Thijs Kinkhorst" <kink@squirrelmail.org>
Date: Fri, 6 Jan 2006 17:48:42 +0100 (CET)
Message-id: <[🔎] 49493.145.99.151.133.1136566122.squirrel@wm.kinkhorst.com>
Reply-to: "Thijs Kinkhorst" <kink@squirrelmail.org>, 346255@bugs.debian.org
In-reply-to: <[🔎] 20060106171800.22155.90934.reportbug@bigbad.beta.galaxie.lan>
References: <[🔎] 20060106171800.22155.90934.reportbug@bigbad.beta.galaxie.lan>

severity 346255 minor
thanks

Hello Frederik,

On Fri, January 6, 2006 18:18, Frederik Reiss wrote:
> on http://qa.debian.org/developer.php it is possible to inject javascript
> and html tags:
>
> http://qa.debian.org/developer.php?excuse=%3Cscript%20type=text/javascript%3Ealert(this)%3C/script%3E
>

This is not an issue since there's no valuable information stored in
cookies for that website as far as I know. Or is there?

Thijs

Reply to:

References:
- Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
  - From: Frederik Reiss <frederikreiss@gmx.de>

Prev by Date: Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
Next by Date: Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
Previous by thread: Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
Next by thread: Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
Index(es):
- Date
- Thread