We've been notified of these issues from svn.python.org - don't know whether any action is required.
regards Steve Holden ---------- Forwarded message --------- From: Stefan Jansson <xxer...@gmail.com> Date: Thu, Sep 27, 2018 at 5:01 PM Subject: Re: [Webmaster] xss and open redirect in svn.python.org To: <st...@holdenweb.com> No need for public disc. Its nothing too fancy. XSS at https://svn.python.org/conference/django/trunk/dojo/iframe_history.html?location=javascript:javascript:alert('XSS ') Open Redirect at https://svn.python.org/conference/django/trunk/dojo/iframe_history.html?location=https://www.google.com On Thu, Sep 27, 2018 at 5:09 PM Steve Holden <st...@holdenweb.com> wrote: > Have you looked at the site content? Open disclosure is fine, if you think > it's worth it. > > Steve Holden > > > On Thu, Sep 27, 2018 at 3:32 PM Stefan Jansson <xxer...@gmail.com> wrote: > >> Hi, >> >> I have found an open redirect and xss in svn.python.org >> >> How do you want to have it disclosed? >> -- >> Med Vänliga Hälsningar >> Stefan Jansson >> _______________________________________________ >> Webmaster mailing list >> webmas...@python.org >> https://mail.python.org/mailman/listinfo/webmaster >> > -- Med Vänliga Hälsningar Stefan Jansson
_______________________________________________ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
