[Tracker-discuss] Fwd: [PSRT] Cross-Site Scripting(XSS) vulnerability found on your website

Stephen J. Turnbull turnbull at sk.tsukuba.ac.jp
Mon Jan 6 06:14:25 CET 2014


Benjamin Peterson writes:

 > Not sure if this is interesting.

 > 2. As soon as we submit the crafted URL, we get an alert box saying XSS.
 >    URL:
 >
 >    http://bugs.python.org/issue?%40columns=status&message_count="><script>alert("XSS")<%2Fscript>&%40action=search

Sure, this is interesting (it works as advertised for me on Mac OS X
with Firefox 26.0, and could be used for phishing at least).

I don't know what, if anything, we can do about it, but if we can
prevent it without unreasonable effort, we should.
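
[Added example, not part of the original message and not Roundup's own code.] One way to prevent the reflection described above is to HTML-escape the parameter at output time and to accept only an integer for it. The template string and the function names below are hypothetical, and the assumption that the value is echoed into a double-quoted attribute is inferred from the `">` at the start of the reported value.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# URL exactly as quoted in the report above.
REPORTED_URL = ('http://bugs.python.org/issue?%40columns=status'
                '&message_count="><script>alert("XSS")<%2Fscript>'
                '&%40action=search')


def query_value(url, name):
    """Return the first decoded value of a query parameter, or ''."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get(name, [''])[0]


def render_unsafe(value):
    # Hypothetical template: raw interpolation, so a '">' in the value
    # closes the attribute and the rest is parsed as markup.
    return '<input name="message_count" value="%s">' % value


def render_escaped(value):
    # escape(quote=True) encodes & < > " ' so the value cannot leave
    # the attribute it is written into.
    return '<input name="message_count" value="%s">' % escape(value, quote=True)


def parse_count(value):
    """Stricter input check: a count filter only needs a small integer."""
    if value.isascii() and value.isdigit() and len(value) <= 6:
        return int(value)
    return None  # caller should drop the filter or return HTTP 400


if __name__ == '__main__':
    reflected = query_value(REPORTED_URL, 'message_count')
    print('unsafe :', render_unsafe(reflected))
    print('escaped:', render_escaped(reflected))
    print('parsed :', parse_count(reflected))
```

Escaping at the point of output covers every reflected parameter, while the integer check only covers fields with a known type, so the two are complementary.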


