This report came in via the git-security mailing list:
Hello Git,
This is Zeeshan Waheed, an ethical hacker. I have found a bug in your website.
I have got XSS in your search bar; here you can see.
Open Website: https://git-scm.com
In the search bar put these payloads one by one.
Here you can see I uploaded images as proof of concept.
Please resolve this bug as soon as possible.
Thanks
Best Regards
Zeeshan Waheed
Impact
With a serious amount of social engineering, a user could be talked into pasting a malicious payload into the live search box, which would then execute code in the git-scm.com context.
Since there are no cookies or logins on that website, the impact would be limited.
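The failure mode described above, as an added illustration that is not git-scm.com's own search code and not the content of the referenced patch: a live-search widget that echoes the typed query straight into the results markup lets any markup in a pasted string become part of the page, while escaping the untrusted string first renders it as literal text. The function names, the result template and the pasted sample string are constructed for this example.

```javascript
// Added example, not the site's code: two ways of echoing a search term into markup.
// renderResultsUnsafe/renderResultsSafe, the p/ul/li template and the sample input
// are all hypothetical constructions for illustration.

// Vulnerable pattern: the raw query is concatenated into HTML, so any tags in a
// pasted string are parsed as markup when the result panel is updated.
function renderResultsUnsafe(query, hits) {
  const items = hits.map((h) => `<li>${h}</li>`).join("");
  return `<p>Results for "${query}"</p><ul>${items}</ul>`;
}

// Escape the characters that can break out of text or attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: every untrusted string (the query and each hit) is escaped before
// it is placed into markup, so the browser shows it as text instead of executing it.
function renderResultsSafe(query, hits) {
  const items = hits.map((h) => `<li>${escapeHtml(h)}</li>`).join("");
  return `<p>Results for "${escapeHtml(query)}"</p><ul>${items}</ul>`;
}

// Regression check usable in a test suite: flag any tag in the output that the
// template itself did not emit (the template only produces p, ul and li).
function containsForeignTag(html) {
  return /<(?!\/?(p|ul|li)\b)[a-zA-Z]/.test(html);
}

// Constructed sample input: a textbook self-XSS string, not taken from the report.
const PASTED_QUERY = "<img src=x onerror=alert(1)>";
const SAMPLE_HITS = ["git-commit", "git-merge"];

console.log("unsafe:", renderResultsUnsafe(PASTED_QUERY, SAMPLE_HITS));
console.log("safe:  ", renderResultsSafe(PASTED_QUERY, SAMPLE_HITS));
```

The same check applies whichever way the results reach the DOM: assigning to `innerHTML` with an unescaped string is the vulnerable step, and setting `textContent` on a dedicated element (or escaping as above) is the fix; `containsForeignTag` gives a cheap assertion to keep the fix from regressing.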
Patches
2a4aec7
Workarounds
As always, be very wary of copy/pasting from untrusted sources!