lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 3 Jan 2006 21:43:49 -0000 From: security@...pal.org To: bugtraq@...urityfocus.com Subject: Re: Drupal all versiyon xss cehennem.org I have inspected the latest XSS filter mechanism of Drupal which is included in 4.5.6 and 4.6.4 versions and onward and both the decimal and the hexadecimal version is escaped when choosing the "Filtered HTML" format. The "Full HTML" format, as its name implies, does not filter HTML and its documented to be so. I am not aware of any contact attempts w/ the security team before mailing this report to the list. Regards Karoly Negyesi Security team coordinator
Powered by blists - more mailing lists