XXS issue - front page

Discussion of items in the "What's New" log.

XXS issue - front page

Postby josh » Mon Jul 13, 2015 2:41 pm

There was a cross site scripting vulnerability on the new user form on the front page - fixed now. Reported at:

https://www.xssposed.org/incidents/71870/ (which, as I type, still shows it as "unpatched" - I guess they take some time to re-verify).

These fields only show up when you're not logged in, and when you're not logged in, there are no cookies or other account specific information, so I can't see how this would have been an actual security issue, but certainly it was bad form.
josh
 
Posts: 1354
Joined: Fri Aug 29, 2003 2:28 pm

Return to What's New

Who is online

Users browsing this forum: No registered users and 1 guest

cron