[Savannah-help-public] [sr #106475] Cross-site scripting using feedback variable

Matt McCutchen Sat, 13 Feb 2010 14:53:46 -0800

Follow-up Comment #3, sr #106475 (project administration):

The XSS does not seem to work any more.  Still, it's not comforting that an
attacker can place arbitrary text in an apparently trusted part of the
Savannah UI.  Example.
<https://savannah.gnu.org/my/admin/?feedback=You%20have%20granted%20Matt%20McCutchen%20access%20to%20your%20Savannah%20account%2e>


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?106475>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Savannah-help-public] [sr #106475] Cross-site scripting using feedback variable

Reply via email to