Fwd: XSS on your website

From: Olav Vitters <olav vitters nl>
To: gnome-infrastructure gnome org
Subject: Fwd: XSS on your website
Date: Wed, 23 Apr 2014 23:18:05 +0200

See attachment. Wtf is balsa.gnome.org?
-- 
Regards,
Olav

--- Begin Message ---

From: Xtnrevolt Tunisian <xtnr3v0lt tunisian yahoo com>

To: "security gnome org" <security gnome org>

Subject: XSS on your website

Date: Wed, 23 Apr 2014 12:34:54 -0700 (PDT)

Dear Gnome Security Team
I am a cyber security researcher from tunisia i recently discover a security problem on your website
Security type : XSS - cross -site scripting
POC :
https://balsa.gnome.org/publications/search.php?title=&author=Y&keyword=&year="><script>alert('xss by Ben khlifa fahmi')</script>
Solution :
use HTMLSPECIALCHARS($_GET['param']);
Thank you for your time
ill be thankfull if you gave me any Acknowledge for reporting this security
Thank you again
Ben khlifa fahmi
Founder & CEO of the Tunisian Cyber Army
_______________________________________________
security-list mailing list
security-list gnome org
https://mail.gnome.org/mailman/listinfo/security-list
automatically sent to *all* subscribers of the release-team mailing list
--- End Message ---

Follow-Ups:
- Re: XSS on your website
  - From: Sriram Ramkrishna

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]