I'll add to this bug instead of making a new one.

/cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
oldview

XSS PoC:
https://bugs.debian.org/cgi-bin/cookies.cgi?repeatmerged=%3Cscript%3Ealert('xss')%3B%3C/scr

On Sat, 27 Sep 2014, Vlad Constantin wrote:
> I'll add to this bug instead of making a new one.
>
> /cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
> injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
> oldview
>
> XSS PoC:
> https://bugs.debian.org/cgi-bin