[newmaint-site] Bug#721041: nm.debian.org XSS
Enrico Zini
enrico at enricozini.org
Tue Aug 27 15:50:33 UTC 2013
On Tue, Aug 27, 2013 at 03:25:29PM +0200, Moritz Naumann wrote:
> Cross site scripting bugs with possible security impact on nm.debian.org:
>
> https://nm.debian.org/public/person/%3Cbody%20onload=alert%28%27XSS%27%29%3E
> https://nm.debian.org/public/process/%3Cbody%20onload=alert%28%27XSS%27%29%3E
>
> Thanks for looking into it.

Thank you for finding and reporting this.

I've done a full-site code review for all parameter leaks in error
messages, and got rid of them all. The result is already deployed.

Ciao,

Enrico
--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org>
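
The class of bug discussed in this thread, a request parameter echoed into an error page, shown as an added example that is not part of the original message or of the nm.debian.org code. The handlers and the review check are hypothetical; only the URL comes from the report.

```python
import html
from urllib.parse import unquote, urlsplit

# URL taken from the report quoted above; everything else here is hypothetical.
REPORTED_URL = ("https://nm.debian.org/public/person/"
                "%3Cbody%20onload=alert%28%27XSS%27%29%3E")

def lookup_key(url):
    """Percent-decoded last path segment, as a framework would hand it to a view."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])

def error_page_leaky(key):
    # 'Before' pattern: the request parameter is copied into the HTML unescaped.
    return "<html><body><p>Person %s not found</p></body></html>" % key

def error_page_no_param(key):
    # The fix the reply describes: the error message no longer carries the parameter.
    return "<html><body><p>Person not found</p></body></html>"

def error_page_escaped(key):
    # Alternative when the value has to be shown: HTML-escape it on output.
    return ("<html><body><p>Person %s not found</p></body></html>"
            % html.escape(key, quote=True))

def reflects_markup(page, key):
    """Review check: a key containing HTML-special characters appears raw in the page."""
    return key != html.escape(key, quote=True) and key in page

def audit(url, handlers):
    """Run each handler on the decoded key and report which ones reflect it raw."""
    key = lookup_key(url)
    return {h.__name__: reflects_markup(h(key), key) for h in handlers}

if __name__ == "__main__":
    handlers = [error_page_leaky, error_page_no_param, error_page_escaped]
    for name, leaky in audit(REPORTED_URL, handlers).items():
        print(f"{name}: {'REFLECTS raw parameter' if leaky else 'ok'}")
```

The same `audit` loop can serve as a regression test over every view that renders an error message from user-supplied input.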