XSS in search form at git-scm.com

XSS in search form at git-scm.com

[Anton]

Hello.

Search form at git-scm.com is vulnerable to XSS.

Short link

bit.ly/KQ2Tcd
http://bit.ly/K7VvJM

Real links
alert
http://git-scm.com/search/results?search=%3Cscript%3Ealert('privet%20Lambda%20:peka:%20_/')%3C/script%3E
Google logo
http://bit.ly/K7VvJM

Re: XSS in search form at git-scm.com

[Jeff King]

On Fri, May 11, 2012 at 04:28:39PM +0400, Anton wrote:

> Search form at git-scm.com is vulnerable to XSS.

Thanks, this is a known issue and has just been fixed:

  https://github.com/github/gitscm-next/issues/45

-Peff

Re: XSS in search form at git-scm.com

[Paul Betts]

Hi Anton,

Bugs for git-scm.com are tracked on GitHub, please file your issue at
https://github.com/github/gitscm-next/issues.

-- 
Paul Betts <paul@paulbetts.org>

On Fri, May 11, 2012 at 5:28 AM, Anton <forshr@gmail.com> wrote:
> Hello.
>
> Search form at git-scm.com is vulnerable to XSS.
>
> Short link
>
> bit.ly/KQ2Tcd
> http://bit.ly/K7VvJM
>
> Real links
> alert
> http://git-scm.com/search/results?search=%3Cscript%3Ealert('privet%20Lambda%20:peka:%20_/')%3C/script%3E
> Google logo
> http://bit.ly/K7VvJM
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html