* XSS in search form at git-scm.com
@ 2012-05-11 12:28 Anton
2012-05-11 21:51 ` Jeff King
2012-05-13 3:14 ` Paul Betts
0 siblings, 2 replies; 3+ messages in thread
From: Anton @ 2012-05-11 12:28 UTC (permalink / raw)
To: git
Hello.
Search form at git-scm.com is vulnerable to XSS.
Short link
bit.ly/KQ2Tcd
http://bit.ly/K7VvJM
Real links
alert
http://git-scm.com/search/results?search=%3Cscript%3Ealert('privet%20Lambda%20:peka:%20_/')%3C/script%3E
Google logo
http://bit.ly/K7VvJM
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: XSS in search form at git-scm.com
2012-05-11 12:28 XSS in search form at git-scm.com Anton
@ 2012-05-11 21:51 ` Jeff King
2012-05-13 3:14 ` Paul Betts
1 sibling, 0 replies; 3+ messages in thread
From: Jeff King @ 2012-05-11 21:51 UTC (permalink / raw)
To: Anton; +Cc: git
On Fri, May 11, 2012 at 04:28:39PM +0400, Anton wrote:
> Search form at git-scm.com is vulnerable to XSS.
Thanks, this is a known issue and has just been fixed:
https://github.com/github/gitscm-next/issues/45
-Peff
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: XSS in search form at git-scm.com
2012-05-11 12:28 XSS in search form at git-scm.com Anton
2012-05-11 21:51 ` Jeff King
@ 2012-05-13 3:14 ` Paul Betts
1 sibling, 0 replies; 3+ messages in thread
From: Paul Betts @ 2012-05-13 3:14 UTC (permalink / raw)
To: forshr; +Cc: git
Hi Anton,
Bugs for git-scm.com are tracked on GitHub, please file your issue at
https://github.com/github/gitscm-next/issues.
--
Paul Betts <paul@paulbetts.org>
On Fri, May 11, 2012 at 5:28 AM, Anton <forshr@gmail.com> wrote:
> Hello.
>
> Search form at git-scm.com is vulnerable to XSS.
>
> Short link
>
> bit.ly/KQ2Tcd
> http://bit.ly/K7VvJM
>
> Real links
> alert
> http://git-scm.com/search/results?search=%3Cscript%3Ealert('privet%20Lambda%20:peka:%20_/')%3C/script%3E
> Google logo
> http://bit.ly/K7VvJM
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-05-13 3:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-11 12:28 XSS in search form at git-scm.com Anton
2012-05-11 21:51 ` Jeff King
2012-05-13 3:14 ` Paul Betts
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).