On Wed, 06 Jan 2010, Holger Levsen wrote:
> ow...@bugs.debian.org is the right address for such reports.
>
> On Wednesday, 6 January 2010, David Shaw wrote:
> > While browsing debian.org today, I noticed that some of the fields
> > were not correctly sanitized, leading to a cross-site scripting
> > vulnerability.
> >
> > The URL to verify this vulnerability (with an XSS popup) is:
> >
> > http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=%27%27;exclude=subject%3A%
> >22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E

Thanks for the report; this has been fixed.

Don Armstrong

--
PowerPoint is symptomatic of a certain type of bureaucratic environment: one typified by interminable presentations with lots of fussy little bullet-points and flashy dissolves and soundtracks masked into the background, to try to convince the audience that the goon behind the computer has something significant to say.
 -- Charles Stross _The Jennifer Morgue_ p33

http://www.donarmstrong.com http://rzlab.ucr.edu
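
An added example, not part of the thread and not debbugs code: it decodes the query string from the report (mail line wrap rejoined) and renders the `exclude` value into an attribute with and without output escaping. The thread does not show how pkgreport.cgi rendered the field or how it was fixed, so the `<input>` template and all function names here are assumptions.

```python
import html
from urllib.parse import unquote

# Query string from the reported URL, with the mail client's line wrap rejoined.
REPORTED_QUERY = ("tag=%27%27;exclude=subject%3A%22%3E%3Cscript%3E"
                  "alert%28%27xss%27%29%3B%3C%2Fscript%3E")


def parse_query(query):
    """Split a ';'- or '&'-separated query string, then percent-decode it."""
    params = {}
    for pair in query.replace("&", ";").split(";"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params[unquote(name)] = unquote(value)
    return params


def render_unsafe(params):
    # Hypothetical template: reflects the decoded value into an attribute verbatim.
    return '<input name="exclude" value="%s">' % params.get("exclude", "")


def render_escaped(params):
    # Same hypothetical template with escaping for the attribute context;
    # quote=True also encodes " and ', so the value cannot close the attribute.
    value = html.escape(params.get("exclude", ""), quote=True)
    return '<input name="exclude" value="%s">' % value


def breaks_out(markup):
    """True if the rendered markup contains a raw <script> element."""
    return "<script>" in markup.lower()


if __name__ == "__main__":
    decoded = parse_query(REPORTED_QUERY)
    print("decoded exclude:", decoded["exclude"])
    print("unescaped:", render_unsafe(decoded), "->", breaks_out(render_unsafe(decoded)))
    print("escaped:  ", render_escaped(decoded), "->", breaks_out(render_escaped(decoded)))
```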