[tor-bugs] #10440 [Website]: Cross Site Scripting at TorProject Blog

Thu Dec 19 09:45:24 UTC 2013

#10440: Cross Site Scripting at TorProject Blog
-------------------------------------------------+-------------------------
 Reporter:  patryk.bogdan@…                      |          Owner:  Patryk
     Type:  defect                               |  Bogdan
 Priority:  major                                |         Status:  new
Component:  Website                              |      Milestone:
 Keywords:  xss blog torproject cross site       |        Version:
  scripting                                      |  Actual Points:
Parent ID:                                       |         Points:
-------------------------------------------------+-------------------------
 GET parameter incorrectly filter GET query which allows attackers to
 execute JavaScript code which is called Cross Site Scripting.

 https://blog.torproject.org/archive/1%3Cbody%20onload=alert%28666%29%3E/2013/11/,

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10440>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online