Debian Security Advisory 1486-1 - "r0t" discovered that gnatsweb, a web interface to GNU GNATS, did not correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML, or javascript code.
9ddea4aef7c77083962882bd870e592448662806878b24939fc986855efe1276