What does this have to do with Zope? Its down to an individual application.
----- Original Message -----
From: "ALife" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 23, 2001 10:23 AM
Subject: [Zope-dev] New: Cross Site Scripting vulnerability
>
> Example:
>
> http://www.zope.org/Documentation/<SCRIPT>alert(document.domain)</SCRIPT>
> http://www.zope.org/lalalalal<SCRIPT>alert(document.domain)</SCRIPT>
> http://www.zope.org/<SCRIPT>alert(document.cookie)</SCRIPT>
>
> For example, an attacker might post a message like
>
> Hello message board. This is a message.
> <SCRIPT>malicious code</SCRIPT>
> This is the end of my message.
>
> When a victim with scripts enabled in their browser reads this
> message, the malicious code may be executed unexpectedly.
> Scripting tags that can be embedded in this way include <SCRIPT>,
> <OBJECT>, <APPLET>, and <EMBED>.
>
>
>
> _______________________________________________
> Zope-Dev maillist - [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope )
>
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )