On Wednesday 25 June 2008 16:12:35 Greg T. Grimes wrote:
> I am fairly new to PmWiki development and bug tracking.  Can someone
> explain the process of getting this bug fixed?  I see someone "voted" a 5
> for it, does this mean the person agrees?  Again, I'm new and just
> wondering.  Thank you.

Hello,

I am copying my question to the list:

How could the current $_SERVER['REQUEST_URI'] variable possibly be a serious 
cross-site scripting vulnerability for anyone other than the browser which is 
calling the login form with an invalid URL (non-stripped tags...)? What 
client-side code exactly could be executed?

Feel free to demonstrate the vulnerability on my wiki which is located at 
http://galleries.accent.bg/Cookbook .

Thanks a lot.
Petko

_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel