I'll add to this bug instead of making a new one.
/cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
oldview
XSS PoC:
On Sat, 27 Sep 2014, Vlad Constantin wrote:
> I'll add to this bug instead of making a new one.
> /cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
> injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
> oldview
> XSS PoC:
Package: debbugs
Severity: important
bugs.debian.org/cgi-bin/version.cgi contains an XSS vulnerability in the
'package' var.
PoC:
https://bugs.debian.org/cgi-bin/version.cgi?info=1;package=%3C/title%3E%3Cscript%3Ealert('xss')%3B%3C/script%3E
-v
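
The two classes of bug reported in this thread (a parameter reflected into the page, and cookie values reaching both a response header and later page output) can be closed at the output points, as in the following added example. It is not part of the original messages and is not debbugs code (debbugs is written in Perl; this is a Python sketch). The function names, the "Versions of" title text, the cookie attributes and the allow-list pattern are all assumptions.

```python
import html
import re
from urllib.parse import parse_qs

# Query string from the report above (debbugs separates parameters with ';').
REPORTED_QUERY = "info=1;package=%3C/title%3E%3Cscript%3Ealert('xss')%3B%3C/script%3E"

# Assumption: display settings such as 'terse' or 'trim' only need short tokens.
SAFE_COOKIE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def get_param(query: str, name: str) -> str:
    """Return the first decoded value of a ';'-separated query parameter."""
    return parse_qs(query, separator=";").get(name, [""])[0]


def title_unescaped(query: str) -> str:
    """'Before' form: the decoded value lands in the markup unchanged."""
    return f"<title>Versions of {get_param(query, 'package')}</title>"


def title_escaped(query: str) -> str:
    """Encode for the HTML context at the point of output."""
    package = html.escape(get_param(query, "package"), quote=True)
    return f"<title>Versions of {package}</title>"


def set_cookie_header(name: str, value: str) -> str:
    """Build a Set-Cookie line only from an allow-listed value.

    fullmatch() is used instead of match() with '$', which would still
    accept a trailing newline and so let a line feed reach the header.
    """
    if not SAFE_COOKIE_VALUE.fullmatch(value):
        raise ValueError(f"rejected cookie value for {name!r}")
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly"


def render_setting(name: str, cookie_value: str) -> str:
    """A stored cookie is still untrusted input when it is echoed back."""
    return f"<li>{html.escape(name)}: {html.escape(cookie_value)}</li>"
```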