oss-sec mailing list archives
Re: Cgit XSS "vulnerability" has no CVE?
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Mon, 7 Mar 2016 18:52:04 +0100
At the moment, none of those example filters are XSS-safe. I think I'll likely rewrite them for the next version to use a framework for that. But there's never been any guarantee for those filters, and they've never been provided as anything but potential example filters for people to tweak and change.
Current thread:
- Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 05)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)