Package: dacode Severity: normal Tags: security CAN-2002-1805 concerns a cross-site scripting attack in dacode which allows an attacker to insert javascript into a <img> tag when posting a news item. Details here:
http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html I can find no evidence in the changelogs that this problem was fixed. I did not try to confirm it, although it should be every easy to test the example given on a running dacode instance. I couldn't find one to use though. If this bug was opened in error, I aplogise in advance.. -- see shy jo
signature.asc
Description: Digital signature
