gnatsweb/755: Re: gnatsweb/755: XSS vuln.

gnats-prs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnatsweb/755: Re: gnatsweb/755: XSS vuln.

From:	bug-gnats
Subject:	gnatsweb/755: Re: gnatsweb/755: XSS vuln.
Date:	Thu, 14 Jun 2007 11:35:01 -0500 (CDT)

The following reply was made to PR gnatsweb/755; it has been noted by GNATS.

From: Chad Walstrom <address@hidden>
To: address@hidden
Cc: address@hidden
Subject: Re: gnatsweb/755: XSS vuln.
Date: Thu, 14 Jun 2007 11:25:20 -0500

 Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
 input validation and scrubbing.  Adding that functionality would be a
 welcome addition.  Yngve is the person to go for this, as I do not
 have CVS access or project access to Gnatsweb, just GNATS.  I suspect
 that the database parameter isn't the only vulnerability.

 -- 
 Chad Walstrom <address@hidden>           http://www.wookimus.net/
            assert(expired(knowledge)); /* core dump */

[Prev in Thread]

Current Thread

[Next in Thread]

gnatsweb/755: Re: gnatsweb/755: XSS vuln., bug-gnats <=

Next by Date: pending/758: New Microsoft Update! (pending)
Next by thread: pending/758: New Microsoft Update! (pending)
Index(es):
- Date
- Thread