The part of this bug report that concerns a cross site scripting attack has been assigned CAN-2005-2350. Please mention that in the changelog when fixing it.
The latter half of this bug seems to indicate that websieve's lack of escaping of user input can break the program, and possibly allow users to circumvent access controls, but I have not verified this, the report was a bit unclear, and so it has not been assigned a CVE id. -- see shy jo
signature.asc
Description: Digital signature
