Bug#764199: UDD: XSS in bts-usertags.cgi

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#764199: UDD: XSS in bts-usertags.cgi
From: Jakub Wilk <jwilk@debian.org>
Date: Mon, 6 Oct 2014 12:10:12 +0200
Message-id: <[🔎] 20141006101012.GA4469@jwilk.net>
Reply-to: Jakub Wilk <jwilk@debian.org>, 764199@bugs.debian.org

Package: qa.debian.org
Tags: security

https://udd.debian.org/cgi-bin/bts-usertags.cgi?tag=serious&user=jwilk%40debian.orgreads:

<td>xdotool: can't send ctrl+<key> to Iceweasel</td>

"<" and ">" in the bug subject should be escaped!

--
Jakub Wilk

Reply to:

Prev by Date: Bug#764072: marked as done (tracker.debian.org: opensearchdescription file /search.xml has wrong content-type)
Next by Date: Re: Bug#742344: Info received (Inclusion of German debconf template translation possible?)
Previous by thread: Bug#764178: debsources: infobox CSS alignment problem with short files
Next by thread: Re: Bug#742344: Info received (Inclusion of German debconf template translation possible?)
Index(es):
- Date
- Thread