XSS in pgstatus code

To: mehdi@debian.org, debian-wb-team@lists.debian.org, wbadm@buildd.debian-ports.org
Subject: XSS in pgstatus code
From: Moritz Naumann <bugs.debian.org@moritz-naumann.com>
Date: Mon, 13 Feb 2012 04:48:40 +0100
Message-id: <[🔎] 4F388818.3090104@moritz-naumann.com>

Hi Mehdi, Debian WB-Team, debian-ports.org webadmins,

I just came across this XSS in the pgstatus code and though I'd let you
know.

> https://buildd.debian.org/status/architecture.php?a=%3Cscript%3Ealert%28%27Whoops,%20XSS.%27%29%3C/script%3E

> http://buildd.debian-ports.org/status/architecture.php?a=%3Cscript%3Ealert%28%27Whoops,%20XSS.%27%29%3C/script%3E

If possible, please let me know whether and how you will or did already
handle it.

Thanks for keeping things up and running,

Moritz

Reply to:

Follow-Ups:
- Re: XSS in pgstatus code
  - From: Mehdi Dogguy <mehdi@debian.org>

Prev by Date: Re: please requeue transfig
Next by Date: wanna-build deployment for derivatives?
Previous by thread: [p-a-s/squeeze] Don't build xen-qemu-dm-4.0 on squeeze, except for i386 and amd64
Next by thread: Re: XSS in pgstatus code
Index(es):
- Date
- Thread