Date: Sun, 5 May 2002 17:33:20 -0700 (PDT)
From: Doug White
To: ReDeeMeR
Cc: www@FreeBSD.ORG
Subject: Re: Cross site scripting (XSS) at www.FreeBSD.org
In-Reply-To: <20020505235948.29006.qmail@uwdvg001.cms.usa.net>
Message-ID: <20020505173248.T85869-100000@resnet.uoregon.edu>

On Mon, 6 May 2002, ReDeeMeR wrote:

> I recently discovered a cross site scripting vulnerability on the FreeBSD.org
> website. I won't post any details of the exact bug here in case it were to
> fall in to the wrong hands; however, I searched the freebsd.org website up and
> down and was unable to find an email address for an active 'webmaster' -- all
> I could find was this mailing list. So my question is, who do I email the
> details of this bug to ? It is a bug in the site and not in the FreeBSD
> operating system ... so send-pr is no good in this case.

This is the correct list. If it's in cvsweb, it's probably already been
fixed; someone reported one a week or two ago already.

Doug White                    |  FreeBSD: The Power to Serve
dwhite@resnet.uoregon.edu     |  www.FreeBSD.org