XSS issue - front page
Posted: Mon Jul 13, 2015 2:41 pm
There was a cross-site scripting vulnerability on the new user form on the front page - fixed now. Reported at:
https://www.xssposed.org/incidents/71870/ (which, as I type, still shows it as "unpatched" - I guess they take some time to re-verify).
These fields only show up when you're not logged in, and when you're not logged in, there are no cookies or other account-specific information, so I can't see how this would have been an actual security issue, but certainly it was bad form.