Balsa used to be a mail client that Jeff Steadfast I think wrote. He had his own website, it might be that we own the DNS name now?
sri On Wed, Apr 23, 2014 at 2:18 PM, Olav Vitters <[email protected]> wrote: > See attachment. Wtf is balsa.gnome.org? > -- > Regards, > Olav > > > ---------- Forwarded message ---------- > From: Xtnrevolt Tunisian <[email protected]> > To: "[email protected]" <[email protected]> > Cc: > Date: Wed, 23 Apr 2014 12:34:54 -0700 (PDT) > Subject: XSS on your website > Dear Gnome Security Team > I am a cyber security researcher from tunisia i recently discover a security > problem on your website > Security type : XSS - cross -site scripting > POC : > https://balsa.gnome.org/publications/search.php?title=&author=Y&keyword=&year=";><script>alert('xss > by Ben khlifa fahmi')</script> > Solution : > use HTMLSPECIALCHARS($_GET['param']); > Thank you for your time > ill be thankfull if you gave me any Acknowledge for reporting this security > Thank you again > Ben khlifa fahmi > Founder & CEO of the Tunisian Cyber Army > > _______________________________________________ > security-list mailing list > [email protected] > https://mail.gnome.org/mailman/listinfo/security-list > automatically sent to *all* subscribers of the release-team mailing list > _______________________________________________ > gnome-infrastructure mailing list > [email protected] > https://mail.gnome.org/mailman/listinfo/gnome-infrastructure _______________________________________________ gnome-infrastructure mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
