XSS vulnerability found from http://http://qa.debian.org

To: debian-qa@lists.debian.org
Subject: XSS vulnerability found from http://http://qa.debian.org
From: Henri Salo <henri@nerv.fi>
Date: Thu, 1 May 2014 14:26:49 +0300
Message-id: <[🔎] 20140501112649.GD29115@kludge.henri.nerv.fi>

Hello,

I found XSS vulnerability from http://qa.debian.org/ service. Here is proof of
concept:

http://qa.debian.org/developer.php?login=%27%22%3E%3Cmarquee%3E&comaint=yes

Please reply when this has been fixed, thank you.

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: XSS vulnerability found from http://qa.debian.org
  - From: Jakub Wilk <jwilk@debian.org>

Next by Date: Re: XSS vulnerability found from http://qa.debian.org
Next by thread: Re: XSS vulnerability found from http://qa.debian.org
Index(es):
- Date
- Thread