Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier
allows remote attackers to inject arbitrary web script or HTML via the (1)
f and (2) fp parameters.
Author | Note |
---|---|
mdeslaur | git in dapper and hardy is something unrelated |
sbeattie | fix is needed in hardy, though half the functions that it applies to don’t exist. Also needs examination for other locations. Did not inspect dapper. |