[aur-dev] [PATCH] Cross-Site Scripting vulnerability

Viktor Leonhardt leonharv at unix-ag.uni-kl.de
Sat Oct 2 12:56:06 EDT 2010


Hello,

While working on better e-mail validation, I found some cross-site scripting
vulnerabilities in lib/accfuncs.inc. Here is the patch, which fixes this
problem. I hope that I found all relevant parts, because I'm not so familiar
with this site. You can try it on your own by setting a user name or e-mail
with a single quote. Like:

"foo'><script>alert('XSS');</script>"

I will soon commit a patch for the e-mail validation using this website [1].
Most of it is working, except for a problem with the double quotes.

[1] http://www.linuxjournal.com/article/9585

greetings Viktor
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Fixing-XSS-vulnerability.patch
URL: <http://mailman.archlinux.org/pipermail/aur-dev/attachments/20101002/6c93bcd3/attachment.ksh>
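The attached patch is not reproduced in the archive, so the following is an added example, not the AUR code or the patch itself. It shows why the single-quote payload quoted above breaks out of a single-quoted HTML attribute, and the caveat a reviewer of such a fix wants checked: htmlspecialchars() without flags encoded only &, <, > and " (ENT_COMPAT) before PHP 8.1, so a single quote passes through untouched unless ENT_QUOTES is given. The function names, the <input> markup and the second test string are assumptions made for the example; the first test string is the one from the message.

```php
<?php
// Added example, not the AUR code under discussion: why the single-quote
// payload escapes a single-quoted attribute, and how to encode for that
// context. Function names and the markup are hypothetical.

// Constructed inputs: the payload quoted in the message, plus a variant
// that injects an event handler without needing '<' at all.
$inputs = [
    "foo'><script>alert('XSS');</script>",
    "foo' onfocus='alert(1)' autofocus='",
];

// Vulnerable: the value is interpolated as-is.
function encode_none(string $v): string {
    return $v;
}

// Still breakable in a single-quoted attribute: ENT_COMPAT converts &, <, >
// and " but leaves ' untouched. It was the htmlspecialchars() default before
// PHP 8.1, so older code calling htmlspecialchars($v) with no flags got this.
function encode_compat(string $v): string {
    return htmlspecialchars($v, ENT_COMPAT, 'UTF-8');
}

// Hardened: ENT_QUOTES also encodes ', and ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning '' (which would silently blank the field).
function encode_quotes(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reviewer check: an encoded value going into a quoted attribute must not
// contain any raw quote or angle bracket.
function safe_for_attribute(string $encoded): bool {
    return strpbrk($encoded, "'\"<>") === false;
}

// Hypothetical template line: a single-quoted attribute, the weak spot.
function render(string $encoded): string {
    return "<input type='text' name='U' value='" . $encoded . "'>";
}

foreach (['encode_none', 'encode_compat', 'encode_quotes'] as $fn) {
    foreach ($inputs as $in) {
        $enc = $fn($in);
        printf("%-14s %-4s %s\n", $fn, safe_for_attribute($enc) ? 'ok' : 'XSS', render($enc));
    }
}
```

Run with `php example.php`: encode_none and encode_compat both report XSS for both inputs, because the stray single quote closes value='...' and whatever follows becomes new attributes or a new tag; only encode_quotes reports ok. The same reasoning applies to a double-quoted attribute with ENT_NOQUOTES, and to any context (JavaScript strings, URLs) where HTML entity encoding is the wrong escaping altogether.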
