Re: gnatsweb/755: XSS vuln.

help-gnats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnatsweb/755: XSS vuln.

From:	Chad Walstrom
Subject:	Re: gnatsweb/755: XSS vuln.
Date:	Thu, 14 Jun 2007 11:25:20 -0500
User-agent:	Mutt/1.5.9i

Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
input validation and scrubbing.  Adding that functionality would be a
welcome addition.  Yngve is the person to go for this, as I do not
have CVS access or project access to Gnatsweb, just GNATS.  I suspect
that the database parameter isn't the only vulnerability.

-- 
Chad Walstrom <address@hidden>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */

[Prev in Thread]

Current Thread

[Next in Thread]

Re: gnatsweb/755: XSS vuln., Chad Walstrom <=

Prev by Date: Re: compiling gnats-3.113
Next by Date: Gnats does not assign PR number
Previous by thread: compiling gnats-3.113
Next by thread: Gnats does not assign PR number
Index(es):
- Date
- Thread