Hi, These Savannah-related XSS bugs were fixed yesterday. (Emanuele alerted other persons about it - #gnu, savannah mailing list).
-- Sylvain On Sun, Jan 06, 2008 at 03:09:37AM -0500, Richard Stallman wrote: > Please DTRT about this report. > > ------- Start of forwarded message ------- > Message-ID: <[EMAIL PROTECTED]> > Date: Sat, 05 Jan 2008 07:17:27 +0100 > From: Emanuele Gentili <[EMAIL PROTECTED]> > MIME-Version: 1.0 > To: [EMAIL PROTECTED] > Subject: Security bug in gnu.org > Content-Type: text/plain; charset=ISO-8859-15 > > Hello Mr Stallman, > > I was surf in gnu website and i found some security bugs: > > http://www.gnu.org/search/fsd-search.py?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E > http://savannah.gnu.org/cookbook/?func=detailitem&comingfrom=23&item_id=%22%3E%3Cscript%3Ealert(420) > %3C/script%3E > https://savannah.gnu.org/account/login.php?uri=";><script>alert(document.cookie)</script> > > I'd like contribuite to GNU project, if you think that my contribute is > good, mail me :P > > > Emanuele Gentili > ------- End of forwarded message -------
