Bug#717082: XSS on developer.php

[Fernando Muñoz]

Package: qa.debian.org
Severity: important

The following links shows XSS flaws, it will show an alert on Firefox and
put a marquee on the site.

http://qa.debian.org/developer.php?login=";><script>alert(1)</script>
http://qa.debian.org/developer.php?gpg_key=%22%3E%3Cmarquee%3E
http://qa.debian.org/developer.php?package=%27%22%3E%3Cmarquee%3Es

Additional variables seems to be affected too.

- Fernando