Re: OpenWiki<--v0.78 Cross-Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: OpenWiki<--v0.78 Cross-Site Scripting
From: DJeep@xxxxxxxxxxxx
Date: 12 Sep 2008 05:45:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

OpenWiki is _not_ vulnerable to Cross Site Scripting (XSS)

I'm the admin of OpenWiki.com and a close friend to Laurens Pit, the Creator of 
OpenWiki.

You cannot insert code in a wikipage or via URL parameters as they are all 
escaped before usage, so nothing can be compromised at other sites
 
The site has run for 8 years now. I can assure you that with such an open 
application where anyone may anonymously enter data, many have attempted to 
compromise it  But afaik it never has been.

Regards,
Jaap.

Prev by Date: Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability
Next by Date: [USN-644-1] libxml2 vulnerabilities
Previous by thread: OpenWiki<--v0.78 Cross-Site Scripting
Next by thread: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
Index(es):
- Date
- Thread