ubuntu-bots team mailing list archive

Thread
Date

[Bug 1832773] Re: ubottu factoids web UI XSS

To: ubuntu-bots@xxxxxxxxxxxxxxxxxxx
From: Tom Reynolds <1832773@xxxxxxxxxxxxxxxxxx>
Date: Sat, 21 Sep 2024 02:02:01 -0000
Reply-to: Bug 1832773 <1832773@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This got fixed since (at least on ubottu.com), not sure when / how / by
whom (or just newer software with better handling / defaults?). Thanks
to you if you did it!

** Changed in: ubuntu-bots
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
IRC Bots, which is subscribed to Ubuntu IRC Bots.
https://bugs.launchpad.net/bugs/1832773

Title:
  ubottu factoids web UI XSS

Status in Ubuntu IRC Bots:
  Fix Released

Bug description:
  Try this in Firefox or anything not based on Chromium/Chrome:

  http://ubottu.com/factoids.cgi?search=%22%3E%3Cscript%3Ealert%28%22I%27m+an+XSS%22%29%3C%2Fscript%3E%3Cx%3D%22

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-bots/+bug/1832773/+subscriptions

References

[Bug 1832773] [NEW] ubottu factoids web UI XSS
From: Tom Reynolds, 2019-06-13