php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41376 a xss bug on php.net website
Submitted: 2007-05-12 14:43 UTC Modified: 2007-05-12 15:44 UTC
From: dedemoulu at hotmail dot com Assigned: bjori (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: not important
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dedemoulu at hotmail dot com
New email:
PHP Version: OS:

 

 [2007-05-12 14:43 UTC] dedemoulu at hotmail dot com
Description:
------------
hello,

I have discovered a xss bug on php.net website.
this xss is on the $_GET['lang'], example:
http://fr.php.net/manual-lookup.php?pattern=osef&lang="><script>alert(document.cookie)</script>

GoodBye, Andr? moulu


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-12 14:44 UTC] dedemoulu at hotmail dot com
Description:
------------
hello,

I have discovered a xss bug on php.net website.
this xss is on the $_GET['lang'], example:
http://fr.php.net/manual-lookup.php?pattern=osef&lang="><script>alert(do
cument.cookie)</script>

GoodBye, d-day
 [2007-05-12 15:44 UTC] bjori@php.net
This bug has been fixed in CVS. Since the websites are not directly
updated from the CVS server, the fix might need some time to spread
across the globe to all mirror sites, including PHP.net itself.

Thank you for the report, and for helping us make PHP.net better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC