Package: debbugs
Severity: important
bugs.debian.org/cgi-bin/version.cgi contains an XSS vulnerability in the
'package' var.
PoC:
https://bugs.debian.org/cgi-bin/version.cgi?info=1;package=%3C/title%3E%3Cscript%3Ealert('xss')%3B%3C/script%3E
-v
I'll add to this bug instead of making a new one.
/cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
oldview
XSS PoC:
https://bugs.debian.org/cgi-bin/cookies.cgi?repeatmerged=%3Cscript%3Ealert('xss')%3B%3C/scr
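
The fix pattern for both reports, as an added Python example that is not part of the original messages and is not debbugs' own (Perl) code: encode the `package` value before it reaches `<title>`, and accept the cookie variables only when they match a strict pattern, so that neither markup nor CR/LF can reach the page or the `Set-Cookie` header. The function names, the title wording and the allowed-value pattern are assumptions; the variable names are the ones listed in the report.

```python
import html
import re

# Variable names as listed in the report for cookies.cgi.
COOKIE_VARS = ("repeatmerged", "terse", "reverse", "trim", "oldview")

# Assumption: legitimate values are short tokens. Anything containing
# markup, ';', whitespace or CR/LF is rejected outright.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def render_title(package):
    """Place the 'package' parameter inside <title> (title wording is assumed)."""
    # Encoding '<', '>', '&' and quotes stops the value from closing the
    # <title> element and opening a <script> element.
    return "<title>Version information for {}</title>".format(
        html.escape(package, quote=True))


def cookie_headers(params):
    """Build Set-Cookie headers for known variables with safe values only."""
    headers = []
    for name in COOKIE_VARS:
        value = params.get(name)
        if value is None or not SAFE_VALUE.fullmatch(value):
            continue  # unknown, missing or unsafe: never written to a header
        headers.append(("Set-Cookie", "{}={}".format(name, value)))
    return headers


def render_setting(name, value):
    """Echo a stored cookie value into HTML, encoded again on output."""
    # A cookie set before validation existed (or set by hand) may still
    # carry markup, so the read path encodes as well.
    return "<li>{}: {}</li>".format(html.escape(name), html.escape(value))


if __name__ == "__main__":
    # Decoded 'package' value from the first report's PoC URL.
    print(render_title("</title><script>alert('xss');</script>"))
    # Constructed sample request parameters.
    print(cookie_headers({"terse": "yes", "reverse": "no\r\nX-Injected: 1"}))
```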