/tverify/index/0.php POST[notaryURL] XSS

This is part of a code audit on cacert sources. Francesco 'ascii' Ongaro - www.ush.it

HTML POC 1

This bug comes without a POC, sorry!

Fast check

ND, I don't have the required access level and I'm too lazy to set up a test environment : )

Vulnerable code

./tverify/index/0.php

Summary

- POST XSS
- magic quotes gpc ON
- affected by user role (only logged in with right permissions)