Re: [Radiant] XSS in Comments Moderation Page

2009-01-12 Thread Simon Josi
Amendment: It's only handled correctly in the frontend if comments.filters_enabled is false.

On Mon, 12 Jan 2009 11:37:42 +0100 Simon Josi wrote:
> XSS is possible in the admin part of the comments extension.
>
> Reproduce:
> 1. Post a comment with say "alert("oh my xss")"
> 2. Login as adm

[Radiant] XSS in Comments Moderation Page

2009-01-12 Thread Simon Josi
XSS is possible in the admin part of the comments extension.

Reproduce:
1. Post a comment with say "alert("oh my xss")"
2. Login as admin, go to the comments tab
3. you see...

In the frontend, the output is handled correctly. This gives an attacker the possibility to take over an admin account.
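The pattern behind both messages above (stored comment body escaped on the public side, rendered raw on the moderation page, and escaping bypassed when a text filter is enabled), as an added illustration in Ruby. This is not code from the Radiant comments extension; the view fragments, the `PASSTHROUGH_FILTER` stand-in for a text filter and the `<script>` tags around the reported `alert()` payload (the tags did not survive the list archive) are all assumptions made for the example.

```ruby
require 'erb'

# Constructed sample: a comment body carrying a stored-XSS payload. The
# original report quoted only the alert() call; the surrounding script tags
# are assumed here so the example has something to execute.
PAYLOAD = %q{<script>alert("oh my xss")</script>}

Comment = Struct.new(:author, :body)

# Vulnerable moderation-page rendering (assumed shape of the bug): the stored
# body is interpolated verbatim, so the payload runs in the moderator's
# browser with the admin session.
def render_admin_row_vulnerable(comment)
  "<tr><td>#{comment.author}</td><td>#{comment.body}</td></tr>"
end

# Hardened moderation-page rendering: every attacker-controlled field is
# HTML-escaped before it reaches the markup, so the payload is shown as text.
def render_admin_row_safe(comment)
  "<tr><td>#{ERB::Util.html_escape(comment.author)}</td>" \
  "<td>#{ERB::Util.html_escape(comment.body)}</td></tr>"
end

# Stand-in for a text filter that returns HTML unchanged (a markup-to-HTML
# filter would behave the same way for a raw <script> tag). Assumption, not
# the extension's filter implementation.
PASSTHROUGH_FILTER = ->(text) { text }

# Frontend behaviour as described in the amendment: escaped when no filter
# runs, but with filters enabled the body goes through the filter instead of
# the escaper, so the payload reaches the page unescaped.
def render_frontend(comment, filters_enabled:, filter: PASSTHROUGH_FILTER)
  body = if filters_enabled
           filter.call(comment.body)
         else
           ERB::Util.html_escape(comment.body)
         end
  "<div class=\"comment\">#{body}</div>"
end

# One way to close the filters_enabled gap: escape first, then filter. This
# is adequate for filters that treat escaped text as plain text; a filter
# that itself emits HTML from markup needs an allowlist sanitiser on its
# output instead.
def render_frontend_safe(comment, filters_enabled:, filter: PASSTHROUGH_FILTER)
  escaped = ERB::Util.html_escape(comment.body)
  body = filters_enabled ? filter.call(escaped) : escaped
  "<div class=\"comment\">#{body}</div>"
end

# Review/test helper: does rendered markup still contain an unescaped
# script tag from the input?
def script_injected?(html)
  html.include?('<script')
end

if __FILE__ == $PROGRAM_NAME
  c = Comment.new('mallory', PAYLOAD)
  puts "admin (vulnerable): #{render_admin_row_vulnerable(c)}"
  puts "admin (safe):       #{render_admin_row_safe(c)}"
  puts "frontend, filters off: #{render_frontend(c, filters_enabled: false)}"
  puts "frontend, filters on:  #{render_frontend(c, filters_enabled: true)}"
  puts "frontend, hardened:    #{render_frontend_safe(c, filters_enabled: true)}"
end
```

Running the block prints the five renderings side by side; the two that still contain a literal `<script` are exactly the two cases the reports describe, the admin page and the frontend with filters enabled.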