Benjamin Peterson writes:

 > Not sure if this is interesting.

 > 2. As soon as we submit the crafted URL, we get an alert box saying XSS.
 >    URL:
 >
 >    http://bugs.python.org/issue?%40columns=status&message_count=";><script>alert("XSS")<%2Fscript>&%40action=search

Sure, this is interesting (it works as advertised for me on Mac OS X
with Firefox 26.0, and could be used for phishing at least).

I don't know what, if anything, we can do about it, but if we can
prevent it without unreasonable effort, we should.

_______________________________________________
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
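
The reply above asks whether the reflection can be prevented. As an added example (not code from this thread or from the tracker software), the sketch below decodes the reported URL and contrasts unescaped reflection with output escaping and input validation. It assumes the value is echoed into a double-quoted HTML attribute and that `message_count` is meant to be an integer; the hidden-input template and all function names are hypothetical.

```python
import html
from urllib.parse import urlsplit, unquote_plus

# URL exactly as quoted in the report above.
REPORTED_URL = ('http://bugs.python.org/issue?%40columns=status&message_count='
                '";><script>alert("XSS")<%2Fscript>&%40action=search')

# Hypothetical template: the parameter echoed back into a form field.
FIELD = '<input type="hidden" name="%s" value="%s">'


def query_params(url):
    """Decode the query string into {name: first value}, splitting on '&' only."""
    params = {}
    for pair in urlsplit(url).query.split('&'):
        name, _, value = pair.partition('=')
        params.setdefault(unquote_plus(name), unquote_plus(value))
    return params


def render_unescaped(name, value):
    """'Before': the decoded value is interpolated as-is, so a double quote
    in it ends the attribute and the rest is parsed as markup."""
    return FIELD % (name, value)


def render_escaped(name, value):
    """'After': escape for an attribute context (quote=True also encodes
    double and single quotes), so the value stays inside value="..."."""
    return FIELD % (html.escape(name, quote=True),
                    html.escape(value, quote=True))


def clean_count(value):
    """Input validation (assumes the field is numeric): digits only, else None."""
    return int(value) if value.isascii() and value.isdigit() else None


if __name__ == '__main__':
    reported = query_params(REPORTED_URL)['message_count']
    print('decoded   :', reported)
    print('unescaped :', render_unescaped('message_count', reported))
    print('escaped   :', render_escaped('message_count', reported))
    print('validated :', clean_count(reported))
```

Escaping at output covers every reflected parameter; validating the type additionally rejects the request before anything is rendered.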
