Thanks, Antonia -- and Hal! To respond to Hal's question: No, at this time, I have no plans to produce any updates to the Swiki software. I don't know if Jeff Rick is planning any (or even if he's reading on this list anymore). If anyone would like to become the Champion for the Swiki software, I'd welcome that!
Mark

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Antonio Barros
Sent: Wed 3/5/2008 5:37 PM
To: pws@cc.gatech.edu
Subject: Re: [Pws] FW: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting

Dear Professor Mark,

I think this short article can help "Cross site scripting (XSS) attacks are often seen as a powerless hack. While this is true in some cases, for the most part the impact of an XSS vulnerability is left up to the imagination and talent of the attacker..." <http://www.informit.com/articles/article.aspx?p=603037>.

I am not a security expert, but I think this can happen in the swiki home and in any page with edit permission or "add to the page" button.

My best,
Antonio Barros
Brazil

On 05/03/2008, at 18:31, Guzdial, Mark wrote:

> I'm not even sure I grok the question...
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] on behalf of
> [EMAIL PROTECTED]
> Sent: Wed 3/5/2008 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
>
> Swiki-Bugs,
> FYI there is a XSS vuln in Swiki 1.5 exploitable by:
>
> http://[host]:8000/<script>alert("XSS");</script>
>
> I would like to post to bugtraq so please let me know when it has been
> fixed! Thanks!
>
> --
> Brad Antoniewicz
> Senior Security Consultant
> Foundstone Professional Services
> A Division of McAfee
> http://www.foundstone.com
>
> [EMAIL PROTECTED]
> (O) 646.728.1493
> (C) 347.801.5864
> (F) 212.869.6720
> 1133 Avenue of the Americas
> New York, NY 10036
> PGP Key: http://www.foundstone.com/us/pgpkeys/bradantoniewicz.asc
> Blog: http://www.avertlabs.com/research/blog/
>
>
> _______________________________________________
> Swiki-bugs mailing list
> [EMAIL PROTECTED]
> https://mailman.cc.gatech.edu/mailman/listinfo/swiki-bugs
>
>
> _______________________________________________
> Pws mailing list
> Pws@cc.gatech.edu
> https://mailman.cc.gatech.edu/mailman/listinfo/pws

_______________________________________________
Pws mailing list
Pws@cc.gatech.edu
https://mailman.cc.gatech.edu/mailman/listinfo/pws
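The report in this thread gives only the request path, so the following is an added example (not Swiki's code and not from anyone on the thread) of a regression check a maintainer could run once a fix exists. It assumes the server echoes the requested path into an HTML "not found" page; the handler and helper names are hypothetical.

```python
import html

# Constructed probe: the path from the report, as a server would see it.
PROBE_PATH = '/<script>alert("XSS");</script>'

PAGE = "<html><body><h1>Not found</h1><p>No page named %s</p></body></html>"

def not_found_unsafe(path):
    """Hypothetical handler: writes the requested path into HTML as-is."""
    return PAGE % path

def not_found_escaped(path):
    """Same page, with the path HTML-encoded before it is written out."""
    return PAGE % html.escape(path, quote=True)

def make_app(render):
    """Wrap a render function as a minimal WSGI application."""
    def app(environ, start_response):
        # WSGI hands over PATH_INFO already percent-decoded.
        body = render(environ.get("PATH_INFO", "/")).encode("utf-8")
        start_response("404 Not Found", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return app

def fetch(app, path):
    """Call a WSGI app in-process and return (status, body text)."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    chunks = app(environ, start_response)
    return seen["status"], b"".join(chunks).decode("utf-8")

def reflects_markup(app, path=PROBE_PATH):
    """True if the path comes back in the response body without encoding."""
    _, body = fetch(app, path)
    return path in body

if __name__ == "__main__":
    for name, render in (("unsafe", not_found_unsafe),
                         ("escaped", not_found_escaped)):
        print(name, "reflects markup:", reflects_markup(make_app(render)))
```
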