[EMAIL PROTECTED] wrote:

> Cross site scripting vulnerabilities are specific to a particular cgi
> / script / asp file.

Thanks. That was the gist of what I thought. However the code example sent me explaining I was vulnerable didn't include any references to any cgi file. The only cgis that run on the RaQ in question are a very secure copy of Formmail.pl from the monkeys.com site, and the Cobalt gui, which I really can't do anything about.

> The only way to protect against them, is to
> make sure you validate all user input, and remove any <script>
> </script> tags before displaying this input back to the user.

It looks like we're okay on that score.

You've alleviated much of my concern, but I wonder why I got that message.

Thanks.

Jeff

--
Jeff Lasman <[EMAIL PROTECTED]>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA 92517
voice: +1 909 778-9980 * fax: +1 909 548-9484

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
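The input handling described in the quoted advice, as an added example that is not part of the original message or of any script mentioned in it: a form handler that checks one field against an allow-list, removes `<script>` tags from another, and HTML-encodes everything it echoes back. The field names, the allow-list pattern and the sample input are assumptions constructed for illustration.

```python
import html
import re

# Hypothetical allow-list for a "name" field (assumption, not from the thread).
NAME_RE = re.compile(r"[A-Za-z0-9 .,'-]{1,64}")

# Matches opening and closing script tags, with any attributes or spacing.
SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script\b[^>]*>", re.IGNORECASE)


def validate_name(value):
    """Return the value if it matches the allow-list, otherwise None."""
    return value if NAME_RE.fullmatch(value) else None


def echo_safe(value):
    """Prepare free-text input for display inside an HTML page.

    Script tags are removed, as the quoted advice describes, and the
    remainder is entity-encoded so any other markup is shown as text
    instead of being interpreted by the browser.
    """
    without_script = SCRIPT_TAG_RE.sub("", value)
    return html.escape(without_script, quote=True)


def render_reply(form):
    """Build the HTML fragment a form handler would send back to the user."""
    name = validate_name(form.get("name", ""))
    if name is None:
        return "<p>Invalid name.</p>"
    comment = echo_safe(form.get("comment", ""))
    return "<p>Thanks, {}. You wrote: {}</p>".format(html.escape(name), comment)


if __name__ == "__main__":
    # Constructed sample submission.
    sample = {
        "name": "Jeff",
        "comment": "<script>alert(1)</script>hi <b>there</b>",
    }
    print(render_reply(sample))
```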
