[infrastructure] OSFA: : XSS vulnerability in search results page on opensourceforamerica.org

Ean Schuessler ean at brainfood.com
Wed Oct 7 14:23:33 CDT 2009
I thought we had this fixed in the search system base package. 

Adam, did we upgrade packages on OSA and we didn't get these XSS fixes in or did we not actually get it fixed? 
I've patched the GIT repo on OSA production, can you pull that in and make sure it gets into the package? 

Thanks. 

----- "Drew Jensen" wrote: 
> Terri Molini wrote: 
> > Here is an email sent to us via webmaster at opensourceforamerica.org. 
> > 
> > Could someone please respond to Reed and see if he wants to help or is 
> > just sending out a note. 
> > 
> > thanks, 
> > terri 
> > Greetings, 
> > 
> > The search results page on opensourceforamerica.org suffers from an 
> > XSS vulnerability. 
> > 
> > http://opensourceforamerica.org/Search?q="><script>alert('xss');</script>
> > 
> > Just figured I'd drop you a short note to let you know of the issue so 
> > you can hopefully fix it. Let me know if you need any more information 
> > on this particular issue or XSS in general. :) 
> > 
> > ~reed 
> > 
> > 
> Hi, 
> Found an entry in the OFBiz issue tracker on this: 
> http://issues.apache.org/jira/browse/OFBIZ-260 
> Shows the issue as fixed/closed Feb of this year. 
> Drew 
> _______________________________________________ 
> infrastructure mailing list 
> infrastructure at opensourceforamerica.org 
> http://opensourceforamerica.org/cgi-bin/mailman/listinfo/infrastructure 

-- 
Ean Schuessler, CTO Brainfood.com 
ean at brainfood.com - http://www.brainfood.com - 214-720-0700 x 315 
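
Added example, not part of the original thread and not OFBiz or OSA code: a regression check for the reported search string, the kind of test that confirms the escaping fix actually made it into a package. It assumes the q parameter is echoed into the value attribute of the search box (the thread does not say where it lands); all function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# The value of q from the URL in the report quoted above.
REPORTED_Q = "\"><script>alert('xss');</script>"


def render_unescaped(q):
    # Assumed shape of the flaw: q copied verbatim into an attribute value.
    return '<input type="text" name="q" value="' + q + '">'


def render_escaped(q):
    # quote=True also encodes " and ', so q cannot close the attribute.
    return '<input type="text" name="q" value="' + html.escape(q, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records every start tag the parser sees, with its attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


def is_contained(render, q):
    """True if q round-trips as the value of a single <input> and nothing else.

    Parsing the output checks structure rather than grepping for a string,
    so the check still holds if the payload text changes.
    """
    tags = parsed_tags(render(q))
    return len(tags) == 1 and tags[0][0] == "input" and tags[0][1].get("value") == q


if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        print(name, "contained:", is_contained(render, REPORTED_Q))
```

Pointing render at the real template output instead of these stand-ins turns this into a check that can run after each package upgrade.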