A vulnerability was discovered and corrected in git : A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbitrary web script or HTML code via f and fp variables . The updated packages have been patched to correct this issue.