From owner-freebsd-www  Sun May  5 17: 0: 4 2002
Delivered-To: freebsd-www@freebsd.org
Received: from uadvg134.mx.net (uadvg134.mx.net [165.212.11.134])
	by hub.freebsd.org (Postfix) with SMTP id D35FE37B404
	for <www@freebsd.org>; Sun,  5 May 2002 16:59:59 -0700 (PDT)
Received: (qmail 16816 invoked from network); 6 May 2002 00:00:11 -0000
Received: from uadvg133.cms.usa.net (165.212.11.133)
  by corprelay.cms.usa.net with SMTP; 6 May 2002 00:00:11 -0000
Received: USA.NET MXFirewall, messaging filters applied; Mon, 06 May 2002 00:00:04 GMT
Received: from uwdvg001.cms.usa.net [165.212.8.21] by uadvg133.cms.usa.net via mtad (CM.1201.1.04A) 
	with ESMTP id 609geeX850458M33; Sun, 05 May 2002 23:59:56 GMT
Message-ID: <20020505235948.29006.qmail@uwdvg001.cms.usa.net>
Received: from 192.115.8.147 [192.115.8.147] by uwdvg021.cms.usa.net 
	(USANET web-mailer CM.0402.1.01C); Sun, 05 May 2002 23:59:48 -0000
Date: Mon, 06 May 2002 00:59:48 +0100
From: ReDeeMeR <g0tr00t@usa.net>
To: <www@freebsd.org>
Subject: Cross site scripting (XSS) at www.FreeBSD.org
X-Mailer: USANET web-mailer (CM.0402.1.01C)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-www@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-www.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-www>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-www>
X-Loop: FreeBSD.org

Hi there,

I recently discovered a cross site scripting vulnerability on the FreeBSD=
=2Eorg
website. I won't post any details of the exact bug here in case it were t=
o
fall in to the wrong hands; however, I searched the freebsd.org website u=
p and
down and was unable to find an email address for an active 'webmaster' --=
 all
I could find was this mailing list. So my question is, who do I email the=

details of this bug to ? It is a bug in the site and not in the FreeBSD
operating system ... so send-pr is no good in this case.

Please CC your reply to me as I am not actually signed up to this mailing=

list.

Thanks in advance,
ReDeeMeR


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-www" in the body of the message