Re: XSS vulnerability on bugs.debian.org
On Tue, 13 Nov 2007, T-Ping T-Ping wrote:
> I saw that someone named Fugitif had found an XSS vulnerability on
> bugs.debian.org that is still unpatched.
> Here is an example XSS for this bug:
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg="><script>alert("XSS")</script>
Ah; one of them slipped through. I'll deal with this shortly.
Don Armstrong
--
If a nation values anything more than freedom, it will lose its
freedom; and the irony of it is that if it is comfort or money it
values more, it will lose that, too.
-- W. Somerset Maugham
http://www.donarmstrong.com http://rzlab.ucr.edu
Reply to: