[pydotorg-www] Fwd: [Webmaster] xss and open redirect in svn.python.org
Steve Holden
steve at holdenweb.com
Thu Sep 27 13:56:02 EDT 2018
We've been notified of these issues from svn.python.org - don't know
whether any action is required.
regards
Steve Holden
---------- Forwarded message ---------
From: Stefan Jansson <xxeroxx at gmail.com>
Date: Thu, Sep 27, 2018 at 5:01 PM
Subject: Re: [Webmaster] xss and open redirect in svn.python.org
To: <steve at holdenweb.com>
No need for public disc. It's nothing too fancy.
XSS at
https://svn.python.org/conference/django/trunk/dojo/iframe_history.html?location=javascript:javascript:alert('XSS')
Open Redirect at
https://svn.python.org/conference/django/trunk/dojo/iframe_history.html?location=https://www.google.com
On Thu, Sep 27, 2018 at 5:09 PM Steve Holden <steve at holdenweb.com> wrote:
> Have you looked at the site content? Open disclosure is fine, if you think
> it's worth it.
>
> Steve Holden
>
>
> On Thu, Sep 27, 2018 at 3:32 PM Stefan Jansson <xxeroxx at gmail.com> wrote:
>
>> Hi,
>>
>> I have found an open redirect and xss in svn.python.org
>>
>> How do you want to have it disclosed?
>> --
>> Kind regards
>> Stefan Jansson
>
--
Kind regards
Stefan Jansson
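
As an added example that is not part of the original thread or of the Dojo code: a check that rejects both reported `location` values, assuming the page navigates to whatever that query parameter contains. The function names and the svn.example.org host are hypothetical.

```javascript
// Added example: validate a navigation target taken from a query parameter.
// ASSUMPTION: the page navigates to the value of `location`.
// Function names and the svn.example.org host are hypothetical.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns a normalised same-origin URL string, or null if the value is rejected.
function safeRedirectTarget(raw, pageOrigin) {
  if (typeof raw !== 'string' || raw.length === 0) return null;
  // URL parsers silently strip tab/CR/LF, so "java\tscript:" would still
  // parse as javascript:. Reject control characters instead of normalising.
  if (/[\u0000-\u001f\u007f]/.test(raw)) return null;
  // Browsers treat "\" like "/" for http(s), so "/\host" can leave the site.
  if (raw.includes('\\')) return null;

  let url;
  try {
    url = new URL(raw, pageOrigin); // relative values resolve against the page
  } catch (e) {
    return null;
  }
  // Scheme allow-list: stops javascript:, data: and similar (the XSS case).
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  // Same-origin only: stops absolute and protocol-relative URLs to other
  // hosts (the open redirect case).
  if (url.origin !== new URL(pageOrigin).origin) return null;
  // Embedded credentials are never needed for an internal navigation.
  if (url.username || url.password) return null;
  return url.href;
}

// Extracts `location` from a full page URL and validates it.
function targetFromPageUrl(pageUrl) {
  const page = new URL(pageUrl);
  return safeRedirectTarget(page.searchParams.get('location'), page.origin);
}

// Constructed sample URLs using the two parameter values from the report.
const SAMPLE_XSS =
  "https://svn.example.org/iframe_history.html?location=javascript:javascript:alert('XSS')";
const SAMPLE_REDIRECT =
  'https://svn.example.org/iframe_history.html?location=https://www.google.com';
```

A caller would navigate only when the function returns a non-null string and fall back to a fixed default page otherwise.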