While I got access to the website and fixed some issues here and there, I
hardly know anything about PHP, XSS, or the old LSP, unfortunately. I'd
have to take a closer look at each of these first. However I can do this
next Tuesday at the earliest. I'll be away until then.
- Lukas
2014-07-16 10:48 GMT+02:00 Vesa <dii....@nbl.fi>:
> On 07/15/2014 04:25 PM, gameFace22 wrote:
>
> Hello,
>
> I was going through SourceForge for downloading PyDev Plugin and I
> encountered CrossSiteScripting vulnerability in certain domains which is
> hosted by SourceForge. I am including the links which has the
> vulnerability,preventive measures and also I am sending mails to the host.
>
>
> Firstly, thanks for your analysis and bringing this to our attention.
>
>
> @Lukas, @Tres, @Jonathan - you're the guys who know this website stuff, so
> please let me know what we're doing about this... these vulnerabilities
> seem to be about the LSP, so is there anything we can do about it, or are
> we just going to leave it be until we can replace it with the new LSP?
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
LMMS-devel mailing list
LMMS-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lmms-devel
