
This queue is for tickets about the google CPAN distribution.

Report information
The Basics
Id: 18990
Status: new
Priority: 0/
Queue: google

People
Owner: Nobody in particular
Requestors: krustevs [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: XSS vuln in Googlestore
GoogleStore contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "code" parameter in "CA/popups/view.asp" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Example: http://www.googlestore.com/CA/popups/view.asp?code=[XSS]