Just fyi, Chrome blocks it with this message:

This page isn’t working
Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).
Try visiting the site's homepage.
ERR_BLOCKED_BY_XSS_AUDITOR
----- stephan
Sent from a mobile device, possibly left-handed from bed.
Please excuse brevity, typos, and top-posting.

On Wed, Jun 6, 2018, 19:45 Kyle Shannon <[email protected]> wrote:

> On Wed, Jun 6, 2018 at 11:44 AM Richard Hipp <[email protected]> wrote:
> >
> > On 6/6/18, Kyle Shannon <[email protected]> wrote:
> > > Our security team found another XSS, shall I forward the link to the list?
> >
> > Yes, please
> > --
> > D. Richard Hipp
> > [email protected]
>
> https://www.fossil-scm.org/index.html/timeline?advm=0&chng=%3C/script%3E%3Cscript%3Ealert(150)%3C/script%3E&n=50&ss=c
>
> --
> Kyle
> _______________________________________________
> fossil-dev mailing list
> [email protected]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
