Bug#717082: XSS on developer.php

To: submit@bugs.debian.org
Subject: Bug#717082: XSS on developer.php
From: Fernando Muñoz <fernando@null-life.com>
Date: Tue, 16 Jul 2013 10:03:39 -0500
Message-id: <CAEr-gPEGDyO=UQZQ4dP2q4qdN13UDWdt9h-=H0AdKAkPLYK-2Q@mail.gmail.com>
Reply-to: Fernando Muñoz <fernando@null-life.com>, 717082@bugs.debian.org

Package: qa.debian.org
Severity: important

The following links show XSS flaws; they will show an alert on Firefox and put a marquee on the site.

http://qa.debian.org/developer.php?login="><script>alert(1)</script>
http://qa.debian.org/developer.php?gpg_key=%22%3E%3Cmarquee%3E
http://qa.debian.org/developer.php?package=%27%22%3E%3Cmarquee%3Es

Additional variables seem to be affected too.

- Fernando
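
Added example, not part of the original report and not the actual developer.php source: a sketch of the output-encoding fix for this class of bug, checked against the three parameter values from the report. The function names `render_unsafe`, `render_safe` and `h`, and the `<input>` template, are assumptions made for illustration.

```php
<?php
// Hypothetical rendering helpers; the real developer.php markup is not shown in the report.

// Pattern that produces the reported behaviour: the query value is concatenated
// into an attribute unchanged, so a value containing "> ends the attribute and the tag.
function render_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both " and ',
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $name, string $value): string
{
    return '<input type="text" name="' . h($name) . '" value="' . h($value) . '">';
}

// True when the encoded value can no longer close an attribute or open a tag.
function is_inert(string $encoded): bool
{
    return preg_match('/[<>"\']/', $encoded) === 0;
}

// Parameter values taken from the URLs in the report (URL-decoded where needed).
$cases = [
    'login'   => '"><script>alert(1)</script>',
    'gpg_key' => rawurldecode('%22%3E%3Cmarquee%3E'),
    'package' => rawurldecode('%27%22%3E%3Cmarquee%3Es'),
];

foreach ($cases as $param => $value) {
    printf("%s\n  unsafe: %s\n  safe:   %s\n  inert:  %s\n",
        $param,
        render_unsafe($param, $value),
        render_safe($param, $value),
        is_inert(h($value)) ? 'yes' : 'no'
    );
}
```

Since the report notes that additional variables appear to be affected, the encoding belongs at every point where request data is written into HTML, not only on the three parameters listed.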