Dear Professor Mark,

I think this short article can help:

"Cross site scripting (XSS) attacks are often seen as a powerless hack. While this is true in some cases, for the most part the impact of an XSS vulnerability is left up to the imagination and talent of the attacker..."
<http://www.informit.com/articles/article.aspx?p=603037>

I am not a security expert, but I think this can happen in the swiki home and in any page with edit permission or "add to the page" button.

My best,
Antonio Barros
Brazil

On 05/03/2008, at 18:31, Guzdial, Mark wrote:

> I'm not even sure I grok the question...
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
> Sent: Wed 3/5/2008 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
>
> Swiki-Bugs,
> FYI there is a XSS vuln in Swiki 1.5 exploitable by:
>
> http://[host]:8000/<script>alert("XSS");</script>
>
> I would like to post to bugtraq so please let me know when it has been
> fixed! Thanks!
>
> --
> Brad Antoniewicz
> Senior Security Consultant
> Foundstone Professional Services
> A Division of McAfee
> http://www.foundstone.com
>
> [EMAIL PROTECTED]
> (O) 646.728.1493
> (C) 347.801.5864
> (F) 212.869.6720
> 1133 Avenue of the Americas
> New York, NY 10036
> PGP Key: http://www.foundstone.com/us/pgpkeys/bradantoniewicz.asc
> Blog: http://www.avertlabs.com/research/blog/
>
>
> _______________________________________________
> Swiki-bugs mailing list
> [EMAIL PROTECTED]
> https://mailman.cc.gatech.edu/mailman/listinfo/swiki-bugs
>
>
> _______________________________________________
> Pws mailing list
> Pws@cc.gatech.edu
> https://mailman.cc.gatech.edu/mailman/listinfo/pws
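
The report quoted above shows markup placed in the URL path coming back to the browser as script. As an added example (not part of the original thread and not Swiki's code), the Python sketch below assumes the server echoes the requested path into an HTML page, and shows that pattern beside a version that HTML-escapes the path at the point of output. The function names, the page template and the sample paths are hypothetical and constructed for illustration.

```python
import html
from urllib.parse import unquote

# Hypothetical "page not found" template; {name} is where the path is echoed.
PAGE = "<html><body><h1>Not found</h1><p>No page named {name}</p></body></html>"

# Constructed sample inputs: the path from the report, as typed and as a
# browser would percent-encode it, plus an ordinary page name.
SAMPLE_PATHS = [
    '/<script>alert("XSS");</script>',
    "/%3Cscript%3Ealert(%22XSS%22);%3C/script%3E",
    "/FrontPage",
]


def page_name(raw_path: str) -> str:
    """Decode the request path the way a server does before looking up a page."""
    return unquote(raw_path.lstrip("/"))


def render_unsafe(raw_path: str) -> str:
    """Reflects the decoded path into markup unchanged (the reported pattern)."""
    return PAGE.format(name=page_name(raw_path))


def render_safe(raw_path: str) -> str:
    """Same page, with the path escaped for the HTML context it is written into."""
    return PAGE.format(name=html.escape(page_name(raw_path), quote=True))


def reflects_markup(body: str) -> bool:
    """Regression check: did attacker-controlled text arrive as a live tag?"""
    return "<script" in body.lower()


def audit(render) -> dict:
    """Run every sample path through a renderer and record which ones reflect."""
    return {path: reflects_markup(render(path)) for path in SAMPLE_PATHS}


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        for path, reflected in audit(render).items():
            print(f"{label:6} {path!r:50} reflected={reflected}")
```

Escaping happens after decoding, so the percent-encoded form of the path is neutralised as well; a check like `audit` can be kept as a regression test once the fix is in.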