Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php
severity 346255 minor
thanks
Hello Frederik,
On Fri, January 6, 2006 18:18, Frederik Reiss wrote:
> on http://qa.debian.org/developer.php it is possible to inject javascript
> and html tags:
>
> http://qa.debian.org/developer.php?excuse=%3Cscript%20type=text/javascript%3Ealert(this)%3C/script%3E
>
This is not an issue since there's no valuable information stored in
cookies for that website as far as I know. Or is there?
Thijs
Reply to: