gnats-prs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnatsweb/755: Re: gnatsweb/755: XSS vuln.


From: bug-gnats
Subject: gnatsweb/755: Re: gnatsweb/755: XSS vuln.
Date: Thu, 14 Jun 2007 11:35:01 -0500 (CDT)

The following reply was made to PR gnatsweb/755; it has been noted by GNATS.

From: Chad Walstrom <address@hidden>
To: address@hidden
Cc: address@hidden
Subject: Re: gnatsweb/755: XSS vuln.
Date: Thu, 14 Jun 2007 11:25:20 -0500

 Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
 input validation and scrubbing.  Adding that functionality would be a
 welcome addition.  Yngve is the person to go for this, as I do not
 have CVS access or project access to Gnatsweb, just GNATS.  I suspect
 that the database parameter isn't the only vulnerability.
 
 -- 
 Chad Walstrom <address@hidden>           http://www.wookimus.net/
            assert(expired(knowledge)); /* core dump */
 





reply via email to

[Prev in Thread] Current Thread [Next in Thread]