
planet: missing input sanitizing

Package(s): planet
CVE #(s): CVE-2009-2937
Created: September 15, 2009
Updated: September 17, 2009
Description: From the Debian bugzilla: The planet feed aggregator attempts to remove malicious content from user-submitted feeds. It does a great job, but fails to sanitize this input:

<img src="javascript:alert(1);" >

At least Opera will execute this code.

Alerts:
Fedora FEDORA-2009-9601 planet 2009-09-15
Fedora FEDORA-2009-9575 planet 2009-09-15
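
The gap described above is a sanitizer that lets a javascript: URL survive in an img src attribute. The following is an added example, not code from Planet or from this advisory, showing a scheme allowlist applied to URL-bearing attributes; the tag and attribute policy, the scheme list and the function names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example; these are not Planet's real lists.
ALLOWED = {"img": {"src", "alt"}, "a": {"href"}, "p": set(), "b": set()}
URL_ATTRS = {"src", "href"}
SAFE_SCHEMES = {"http", "https"}
VOID_TAGS = {"img"}

def url_is_safe(value):
    """Accept relative URLs and allowlisted schemes; reject everything else."""
    # Browser URL parsers strip tabs, newlines and surrounding whitespace and
    # ignore letter case in the scheme, so normalise before comparing.
    compact = re.sub(r"[\x00-\x20]+", "", value).lower()
    head = re.split(r"[/?#]", compact, maxsplit=1)[0]
    if ":" not in head:
        return True  # no scheme: relative URL
    return head.split(":", 1)[0] in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return
        kept = []
        # HTMLParser has already decoded character references in values.
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue
            if name in URL_ATTRS and not url_is_safe(value):
                continue  # drop the attribute, keep the element
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Calling sanitize() on the img element quoted in the description returns a bare <img>, while http, https and relative src values pass through unchanged.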


planet: missing input sanitizing

Posted Sep 17, 2009 2:47 UTC (Thu) by BenHutchings (subscriber, #37955)

"Debian bugzilla"?!


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds