Re: [gitorious] XSS vuln.

Mon, 12 Sep 2011 07:21:00 -0700 

Em 12-09-2011 09:29, Marius Mårnes Mathiesen escreveu:
On Sat, Sep 17, 2011 at 6:24 PM, Yousha Aleayoub <yousha....@gmail.com <mailto:yousha....@gmail.com>> wrote: 

    Hi,
    Checkout & commit to fix it ;)

    
https://gitorious.org/~admin?page=99999999999%3Chr/%3EDont%20Hacking%20Attempt!%20%3CBODY%20onload=%22javascript:alert('100%20times%20HELLO%20:D')%22%3E%3Cnoscript%3E
    
<https://gitorious.org/%7Eadmin?page=99999999999%3Chr/%3EDont%20Hacking%20Attempt%21%20%3CBODY%20onload=%22javascript:alert%28%27100%20times%20HELLO%20:D%27%29%22%3E%3Cnoscript%3E>


Yousha,

Thanks for reporting this, we pushed a fix earlier today. I'd really 
prefer it if you keep sending these to the support email, so we have 
time to resolve such issues before our users are exposed - this is a 
public mailing list. Apart from that: keep'em coming!




Shouldn't a new patch version (v2.0.2) be released?

--
To post to this group, send email to gitorious@googlegroups.com
To unsubscribe from this group, send email to
gitorious+unsubscr...@googlegroups.com






















					Reply via email to