Re: gnatsweb/755: XSS vuln.

by Chad Walstrom

Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
input validation and scrubbing.  Adding that functionality would be a
welcome addition.  Yngve is the person to go to for this, as I do not
have CVS access or project access to Gnatsweb, just GNATS.  I suspect
that the database parameter isn't the only vulnerability.

--
Chad Walstrom <chewie@...>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */



_______________________________________________
Help-gnats mailing list
Help-gnats@...
http://lists.gnu.org/mailman/listinfo/help-gnats