[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnatsweb/755: Re: gnatsweb/755: XSS vuln.
From: |
bug-gnats |
Subject: |
gnatsweb/755: Re: gnatsweb/755: XSS vuln. |
Date: |
Thu, 14 Jun 2007 11:35:01 -0500 (CDT) |
The following reply was made to PR gnatsweb/755; it has been noted by GNATS.
From: Chad Walstrom <address@hidden>
To: address@hidden
Cc: address@hidden
Subject: Re: gnatsweb/755: XSS vuln.
Date: Thu, 14 Jun 2007 11:25:20 -0500
Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
input validation and scrubbing. Adding that functionality would be a
welcome addition. Yngve is the person to go for this, as I do not
have CVS access or project access to Gnatsweb, just GNATS. I suspect
that the database parameter isn't the only vulnerability.
--
Chad Walstrom <address@hidden> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- gnatsweb/755: Re: gnatsweb/755: XSS vuln.,
bug-gnats <=