It isn't likely that an extended period of "being private" would serve anyone's benefit so I have made this public. I have made attempts to contact the developer - but none have received any kind of response.
** Visibility changed to: Public

** Description changed:

  Binary package hint: ntop

- the ntop package despite being really buggy - also is vulnerable to xss and probably many other kinds of web security bugs.
- I am reporting two xss bugs below. /me ./sleeps
+ the ntop package despite being really buggy - also is vulnerable to xss and probably many other kinds of web security bugs.
+ I am reporting two xss bugs below.

  http://XXXXXXX:3000/editPrefs.html?key=hostname.10.0.&val=%22/%3E%3Cbody%20onload=alert%281%29%3Ealert%281%29%3B%3C%2Fscript%3E&x=0&y=0

  http://XXXX:3000/editPrefs.html?key=hostname.ff02%3A%3A1&val=%22/%3E%3Cbody%20onload=alert%281%29%3E

  recommendation -
  1. don't use get to set stuff you use post for that... :/
  2. use csrf tokens.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/777801

Title:
  xss and other bugs ...
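The reflected `val` parameter reported above can be neutralised by encoding it before it is written back into the page. The following is an added example, not ntop's code and not part of the original report: it assumes the value lands inside a double-quoted HTML attribute (suggested by the leading `"/>` in the reported value), and `html_escape_attr` and `render_pref_input` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Escape s for use inside a double-quoted HTML attribute.
 * Returns the number of bytes written (excluding the NUL),
 * or -1 if out is too small. Fails closed rather than truncating. */
int html_escape_attr(const char *s, char *out, size_t outlen)
{
    size_t o = 0;
    for (; *s; s++) {
        const char *rep = NULL;
        switch (*s) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= outlen)
            return -1;
        if (rep)
            memcpy(out + o, rep, n);
        else
            out[o] = *s;
        o += n;
    }
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical renderer for the preference edit field: the
 * user-supplied value is only ever emitted in escaped form. */
int render_pref_input(const char *val, char *out, size_t outlen)
{
    char esc[512];
    if (html_escape_attr(val, esc, sizeof esc) < 0)
        return -1;
    int n = snprintf(out, outlen,
                     "<input type=\"text\" name=\"val\" value=\"%s\">", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* URL-decoded val parameter from the second URL in the report */
    const char *val = "\"/><body onload=alert(1)>";
    char html[1024];
    if (render_pref_input(val, html, sizeof html) < 0)
        return 1;
    puts(html);
    return 0;
}
```

With the quote and angle brackets encoded, the value stays inside the attribute and the browser treats it as text instead of markup.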
