On Fri, May 12, 2017 at 10:24 AM, Richard Hipp <d...@sqlite.org> wrote:
> On 5/12/17, Kyle Shannon <k...@pobox.com> wrote:
>>
>> Sorry to resurrect an old post, but the site mentioned in the original
>> post has disclosed the vulnerability. I was just notified by the
>> security team at the university I work at (Boise State) that my fossil
>> server is vulnerable to this XSS attack. I'm no security expert, but
>> it seems to be legit. It was independently verified by a service my
>> university subscribes to.
>
> Thanks. The problem has now been fixed on trunk.
>
> http://fossil-scm.org/xfer/help?cmd=remote-url%27%3Cimg%20src=a:alert%28/xssposed/%29%20onerror=eval%28src%29%3E
>
> --
> D. Richard Hipp
> d...@sqlite.org

As always, thanks for the quick fix.

--
Kyle
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev