[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: XSS in updated packages.debian.org



On Tue, Sep 18, 2007 at 08:23:48PM +0200, Moritz Naumann wrote:
> there's an XSS issue in the updated p.d.o:
> 
> http://packages.debian.org/content%3D0%3Bjavascript%3Aalert%280%29%3E/http-equiv%3Drefresh/%3Cmeta
> 
> The '0' which is output could be replaced by encoded text or arbitrary
> javascript instructions.

Thanks for your report. I have indentified the issue and will try to
deploy the fix ASAP.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/



Reply to: