report bug

ayoub nait lamine ayoub.naitlamine1 at gmail.com
Tue Mar 25 12:15:47 EDT 2014


2014-03-25 16:04 GMT+00:00 Ethan Blanton <elb at pidgin.im>:

> ayoub nait lamine spake unto us the following wisdom:
> > Hello, I am a researcher of security, wanted to reveal a security
> > vulnerability responsibility, which is found in the website of your.
> Below
> > is a snapshot.
>
> We are going to have trouble fixing, or even identifying, this problem
> from just a screen shot.  Can you tell us how you achieved it?  I
> assume the problem is that you were able to enter a snippet of
> Javascript as an email address, and it was executed in your browser?
>
> > I want to be rewarded or put my name on the list of special ethical
> hacker
> > your website
>
> You probably want to report this vulnerability to the Trac project
> (trac.edgewall.org) for this.  We did not write and do not maintain
> trac, we simply use it on developer.pidgin.im.  While there is no such
> list per se, there are public vulnerability disclosures, and they
> normally include the discoverer of a vulnerability.  However, it is
> not our place to disclose vulnerabilities in trac, as trac will want
> to coordinate the disclosure with many users and packagers of their
> system, not just Pidgin.
>
> Ethan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140325/b023f3f4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xss in developer.pidgin.im.mp4
Type: video/mp4
Size: 1010388 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140325/b023f3f4/attachment-0001.mp4>


More information about the security mailing list