Security Hole – Comment system
There is a major security hole in the comment system that allows XSS attacks. I’ve confirmed it on my default installation (with cocomment enabled). Is this a known issue? I’m gonna do some more testing with non-default installations but if you would like to help me on this, just comment a post with:
<script>alert(666);</script> and see if you get it interpreted.
thanks
bigo
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Security Hole – Comment system’ is closed to new replies.