[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnatsweb/755: XSS vuln.

From: Chad Walstrom
Subject: Re: gnatsweb/755: XSS vuln.
Date: Thu, 14 Jun 2007 11:25:20 -0500
User-agent: Mutt/1.5.9i

Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
input validation and scrubbing.  Adding that functionality would be a
welcome addition.  Yngve is the person to go for this, as I do not
have CVS access or project access to Gnatsweb, just GNATS.  I suspect
that the database parameter isn't the only vulnerability.

Chad Walstrom <address@hidden> 
           assert(expired(knowledge)); /* core dump */

reply via email to

[Prev in Thread] Current Thread [Next in Thread]