From: Matthew Seaman
Date: Mon, 11 May 2015 14:12:13 +0100
To: freebsd-questions@freebsd.org
Subject: Re: XSS in your search input
Message-ID: <5550AAAD.5090801@freebsd.org>
In-Reply-To: <5550A3F4.6070003@gaxweb.com>

On 05/11/15 13:43, Matthias Holl wrote:
> hi freeBSD team,
>
> i found a XSS vulnerability on your webpage (search input)

Please can you contact the security team with details:

secteam@freebsd.org

Cheers,

Matthew