XSS on 404 page of bugs.python.org #34
There's an XSS on the error page of bugs.python.org:
https://bugs.python.org/%3Cimg%20src=x%20onerror=alert%281%29%3E
(Not sure if this is the right place to report it, I already reported it to the Python bug tracker itself despite it having no proper category for it: https://bugs.python.org/issue36391)

Hi @hannob! Thanks for reporting! Looks to come from: may be fixed using cgi.escape(). Not sure how to do a pull request on this, @ewdurbin @ezio-melotti?

bugs.python.org branch at https://bitbucket.org/python/roundup/src/bugs.python.org/, and should likely be filed at issues.roundup-tracker.org as well

@ewdurbin It looks like I don't have the rights to push on this repo. I'm proposing:

imported, applied, deployed, confirmed: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f

@hannob Did you request a CVE identifier for this vulnerability?

No, after my last experiences with CVE assignments I decided that I'll just stop caring about it. If you care about it, feel free to try to assign one. I posted it to oss-sec and sometimes this causes other people to request CVEs.

Alright. CVE requested via https://cveform.mitre.org/. Have a nice weekend.

Use CVE-2019-10904.
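The fix suggested in the thread is to escape the reflected request path before it is placed in the 404 page. The following is an added illustration of that defence and is not the tracker's or Roundup's own code: the render functions, SAMPLE_PATH and escape_like_cgi are assumptions made for the example. It uses the URL-decoded form of the path from the report as a constructed test input, contrasts the verbatim interpolation with html.escape(), and also shows the caveat that cgi.escape() (removed in Python 3.8, so its default behaviour is reproduced inline) did not escape quotes by default, which is not enough when the same value is reflected into an attribute.

```python
import html
from urllib.parse import unquote

# Constructed sample input (not a live request): the URL-decoded form of the
# path from the report, as a tracker sees it after decoding.
SAMPLE_PATH = unquote("/%3Cimg%20src=x%20onerror=alert%281%29%3E")


def render_404_unescaped(path: str) -> str:
    """Vulnerable pattern (hypothetical): the request path is interpolated
    into the page verbatim, so any markup in the path is parsed by the browser."""
    return f"<h1>Not Found</h1><p>The requested path {path} does not exist.</p>"


def escape_like_cgi(s: str) -> str:
    """Reproduction of the old cgi.escape(s) default (quote=False): only
    & < > are converted. cgi.escape() was removed in Python 3.8; html.escape()
    is the replacement and escapes quotes by default."""
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def render_404_escaped(path: str) -> str:
    """Hardened pattern for text content: html.escape() turns & < > " ' into
    entities, so the path is displayed but never parsed as markup."""
    return f"<h1>Not Found</h1><p>The requested path {html.escape(path)} does not exist.</p>"


def render_link_attribute(path: str, escape=html.escape) -> str:
    """The same data reflected into an attribute value (hypothetical). Here
    quote handling matters: an escaper that leaves '"' alone lets the value
    terminate the attribute even though < and > are neutralised."""
    return f'<a href="{escape(path)}">retry</a>'


def reflects_raw_markup(rendered: str, user_input: str) -> bool:
    """Regression check: the user-controlled string must not survive into the
    output with its angle brackets intact."""
    return user_input in rendered


def attribute_is_contained(rendered: str) -> bool:
    """Regression check for the attribute case: only the two quotes delimiting
    href="..." may appear, so user data cannot close the attribute early."""
    return rendered.count('"') == 2


if __name__ == "__main__":
    print("unescaped reflects markup:",
          reflects_raw_markup(render_404_unescaped(SAMPLE_PATH), SAMPLE_PATH))
    print("escaped reflects markup:  ",
          reflects_raw_markup(render_404_escaped(SAMPLE_PATH), SAMPLE_PATH))
    quoted = '/say-"hi"'   # constructed input containing a double quote
    print("cgi-style escape keeps attribute intact:",
          attribute_is_contained(render_link_attribute(quoted, escape_like_cgi)))
    print("html.escape keeps attribute intact:     ",
          attribute_is_contained(render_link_attribute(quoted)))
```

The two regression checks are the kind of test worth keeping next to an error-page template: one asserts that user input never reaches the output with raw angle brackets, the other that a reflected value cannot end an attribute. Choosing html.escape() with its default quote=True covers both the text and attribute cases, whereas a quote=False escaper only covers the first.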