[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-help-public] [sr #106475] Cross-site scripting using feedback
From: |
Matt McCutchen |
Subject: |
[Savannah-help-public] [sr #106475] Cross-site scripting using feedback variable |
Date: |
Sat, 13 Feb 2010 22:53:35 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100210 Fedora/3.6.1-1.matt1.fc12 Namoroka/3.6 |
Follow-up Comment #3, sr #106475 (project administration):
The XSS does not seem to work any more. Still, it's not comforting that an
attacker can place arbitrary text in an apparently trusted part of the
Savannah UI. Example.
<https://savannah.gnu.org/my/admin/?feedback=You%20have%20granted%20Matt%20McCutchen%20access%20to%20your%20Savannah%20account%2e>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?106475>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-help-public] [sr #106475] Cross-site scripting using feedback variable,
Matt McCutchen <=