Re: XSS in info2www: msg#00006

On Wed, Nov 17, 2004 at 01:07:10AM +0100, Nicolas Gregoire wrote: > For your information, there's a XSS vulnerabilty in the info2www CGI > (tested on unstable). > > Exploit string : > /cgi-bin/info2www?(coreutils)<script>alert(document.cookie)</script> Cookies or other authentification are not used on this CGI script so there are no immediately obvious security implications. I think this means that a security update would be unlikely, unless there is something I'm missing. Steve --

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	XSS in info2www, Nicolas Gregoire
Next by Date:	Re: XSS in info2www, Nicolas Gregoire
Previous by Thread:	XSS in info2www, Nicolas Gregoire
Next by Thread:	Re: XSS in info2www, Nicolas Gregoire
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
emacs.dvc.devel... java.displaytag... ietf.rfc822/199... linux.altlinux.... redhat.fedora.r... python.ctypes/2... video.panorama/... freedesktop.xor... audio.emagic.lo... netbsd.devel.us... documentation.t... yellowdog.gener... gnome.mono.mono... bacula.user/200... shells.bash.bug... xfree86.devel/2... culture.bicycle... mozilla.devel.n... web.squid.gener... user-groups.gul... kde.amarok.bugs... org.user-groups... handhelds.linux... tex.context/200...

Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo