Re: XSS on your website



Balsa used to be a mail client that Jeff Steadfast I think wrote.  He
had his own website, it might be that we own the DNS name now?

sri

On Wed, Apr 23, 2014 at 2:18 PM, Olav Vitters <olav vitters nl> wrote:
See attachment. Wtf is balsa.gnome.org?
--
Regards,
Olav


---------- Forwarded message ----------
From: Xtnrevolt Tunisian <xtnr3v0lt tunisian yahoo com>
To: "security gnome org" <security gnome org>
Cc:
Date: Wed, 23 Apr 2014 12:34:54 -0700 (PDT)
Subject: XSS on your website
Dear Gnome Security Team
I am a cyber security researcher from Tunisia. I recently discovered a security problem on your website
Security type : XSS - cross-site scripting
POC :
https://balsa.gnome.org/publications/search.php?title=&author=Y&keyword=&year=";><script>alert('xss by Ben khlifa fahmi')</script>
Solution :
use HTMLSPECIALCHARS($_GET['param']);
Thank you for your time
I'll be thankful if you gave me any acknowledgement for reporting this security
Thank you again
Ben khlifa fahmi
Founder & CEO of the Tunisian Cyber Army

_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure gnome org
https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
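
The fix suggested in the report, worked through as an added example that is not part of the thread or of the site's code. search.php is not shown anywhere in the thread, so this assumes the `year` parameter was echoed into a double-quoted HTML attribute; all function names are hypothetical.

```php
<?php
// Added example. Assumption: the request parameter is written back into
// a double-quoted attribute of the search form, which is what a payload
// starting with "; > suggests.

// Vulnerable form: raw request data reaches the attribute value, so a
// double quote in the input closes the attribute early.
function render_field_unsafe(string $name, array $query): string
{
    $value = $query[$name] ?? '';
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Output encoding for HTML text and quoted attribute values.
// ENT_QUOTES encodes both " and ' (before PHP 8.1 the default flag was
// ENT_COMPAT, which leaves ' alone). ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Free-text fields (title, author, keyword): encode on output.
function render_field_safe(string $name, array $query): string
{
    $value = $query[$name] ?? '';
    $value = is_string($value) ? $value : ''; // ?title[]=x arrives as an array
    return '<input type="text" name="' . html_encode($name)
         . '" value="' . html_encode($value) . '">';
}

// The year field has a known shape, so validate it as well as encode it.
function render_year_safe(array $query): string
{
    $year = $query['year'] ?? '';
    if (!is_string($year) || !preg_match('/\A\d{4}\z/', $year)) {
        $query['year'] = ''; // anything that is not four digits is dropped
    }
    return render_field_safe('year', $query);
}

// Constructed input shaped like the reported request.
$probe = '";><script>alert(1)</script>';
$query = ['title' => '', 'author' => 'Y', 'keyword' => $probe, 'year' => $probe];

echo render_field_unsafe('year', $query), "\n";  // markup escapes the attribute
echo render_field_safe('keyword', $query), "\n"; // probe stays inside value=""
echo render_year_safe($query), "\n";             // probe rejected, empty value
```

Encoding belongs at the point of output and must match the context: `htmlspecialchars` covers HTML text and quoted attributes, but not values written into inline JavaScript or URLs.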