Archive for the 'XSS' category

WordPress 2.8.2: security patch

July 20, 2009
WordPress release 2.8.2 brings a fix for an XSS flaw that gives a malicious commenter the ability to redirect the blog administrator to another site.

Joomla! 1.5.10 JA_Purity Multiple Persistent XSS

June 6, 2009

There is a serious XSS vulnerability affecting all Joomla! versions prior to 1.5.11, which was released just a few days ago.

DESCRIPTION: The JA_Purity template is bundled with Joomla! and fails to sanitize user-supplied input. An attacker can inject JavaScript or DHTML that is saved in a cookie, making it persistent; it runs in the context of the targeted user's browser, allowing the attacker to steal cookies.

IMPACT: An attacker can exploit the vulnerability to store persistent XSS. This may lead to theft of the targeted user's cookies and access to the user account.

Full disclosure at PacketStorm. So, still using old Joomla!?