[Savannah-help-public] [sr #107282] XSS in account email change form

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-help-public] [sr #107282] XSS in account email change form

From:	Matt McCutchen
Subject:	[Savannah-help-public] [sr #107282] XSS in account email change form
Date:	Fri, 07 May 2010 23:20:42 +0000
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100419 Fedora/3.5.9-1.custom.fc12 Shiretoko/3.5.9

Follow-up Comment #1, sr #107282 (project administration):

Admins, what do I have to do to get you to take this seriously?  You're
currently trusting every site you visit while logged into Savannah not to take
over your session and wreak havoc on the site.  Should I put up an attack page
that publicly displays the session cookies of its victims?

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107282>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-help-public] [sr #107282] XSS in account email change form, Matt McCutchen <=
- [Savannah-help-public] [sr #107282] XSS in account email change form, Sylvain Beucler, 2010/05/08

Prev by Date: [Savannah-help-public] [sr #107360] Request to enable mail on cvs commit hook
Next by Date: [Savannah-help-public] [sr #107361] SVN import request for project 'fluid' on savannah.nongnu.org
Previous by thread: [Savannah-help-public] [sr #107360] Request to enable mail on cvs commit hook
Next by thread: [Savannah-help-public] [sr #107282] XSS in account email change form
Index(es):
- Date
- Thread