On 5/12/17, Kyle Shannon <[email protected]> wrote:
>
> Sorry to resurrect an old post, but the site mentioned in the original
> post has disclosed the vulnerability. I was just notified by the
> security team at the university I work at (Boise State) that my fossil
> server is vulnerable to this XSS attack. I'm no security expert, but
> it seems to be legit. It was independently verified by a service my
> university subscribes to.

Thanks. The problem has now been fixed on trunk.

http://fossil-scm.org/xfer/help?cmd=remote-url%27%3Cimg%20src=a:alert%28/xssposed/%29%20onerror=eval%28src%29%3E

--
D. Richard Hipp
[email protected]
