[gitorious] XSS vuln.

2011-09-08 Thread Yousha Aleayoub

Hi,
Checkout & commit to fix it ;)

https://gitorious.org/~admin?page=999%3Chr/%3EDont%20Hacking%20Attempt!%20%3CBODY%20onload=%22javascript:alert('100%20times%20HELLO%20:D')%22%3E%3Cnoscript%3E

--
To post to this group, send email to gitorious@googlegroups.com
To unsubscribe from this group, send email to
gitorious+unsubscr...@googlegroups.com


Re: [gitorious] XSS vuln.

2011-09-12 Thread Marius Mårnes Mathiesen
On Sat, Sep 17, 2011 at 6:24 PM, Yousha Aleayoub wrote:

> Hi,
> Checkout & commit to fix it ;)
>
> https://gitorious.org/~admin?page=999%3Chr/%3EDont%20Hacking%20Attempt!%20%3CBODY%20onload=%22javascript:alert('100%20times%20HELLO%20:D')%22%3E%3Cnoscript%3E
>
>
Yousha,
Thanks for reporting this, we pushed a fix earlier today. I'd really prefer
it if you keep sending these to the support email, so we have time to
resolve such issues before our users are exposed - this is a public mailing
list. Apart from that: keep'em coming!

Cheers,
- Marius



Re: [gitorious] XSS vuln.

2011-09-12 Thread Rodrigo Rosenfeld Rosas

On 12-09-2011 09:29, Marius Mårnes Mathiesen wrote:
> On Sat, Sep 17, 2011 at 6:24 PM, Yousha Aleayoub wrote:
>
>> Hi,
>> Checkout & commit to fix it ;)
>>
>> https://gitorious.org/~admin?page=999%3Chr/%3EDont%20Hacking%20Attempt!%20%3CBODY%20onload=%22javascript:alert('100%20times%20HELLO%20:D')%22%3E%3Cnoscript%3E
>
> Yousha,
> Thanks for reporting this, we pushed a fix earlier today. I'd really prefer
> it if you keep sending these to the support email, so we have time to
> resolve such issues before our users are exposed - this is a public mailing
> list. Apart from that: keep'em coming!

Shouldn't a new patch version (v2.0.2) be released?



Re: [gitorious] XSS vuln.

2011-09-13 Thread Marius Mårnes Mathiesen
On Mon, Sep 12, 2011 at 4:20 PM, Rodrigo Rosenfeld Rosas wrote:

> On 12-09-2011 09:29, Marius Mårnes Mathiesen wrote:
>
>> On Sat, Sep 17, 2011 at 6:24 PM, Yousha Aleayoub wrote:
>>
>>> Hi,
>>> Checkout & commit to fix it ;)
>>>
>>> https://gitorious.org/~admin?page=999%3Chr/%3EDont%20Hacking%20Attempt!%20%3CBODY%20onload=%22javascript:alert('100%20times%20HELLO%20:D')%22%3E%3Cnoscript%3E
>>
>> Yousha,
>> Thanks for reporting this, we pushed a fix earlier today. I'd really prefer
>> it if you keep sending these to the support email, so we have time to
>> resolve such issues before our users are exposed - this is a public mailing
>> list. Apart from that: keep'em coming!
>
> Shouldn't a new patch version (v2.0.2) be released?
>

Absolutely - thanks a lot!

Cheers,
- Marius
