lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJaynOpVtuu2TatYbt8CYztnpxExhudWhe0wBZFafvth2ZxnsA@mail.gmail.com> Date: Tue, 29 Nov 2011 10:04:46 -0500 From: Alex Davis <alex@...oba.com> To: bugtraq@...urityfocus.com Subject: Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Thank you Am!r for your comments and thank you Henri Salo for reporting this to us, While Wordpress does have a cross site scripting problem (XSS) where not all user input is sanitized, if any of that unsanitized user input is redirected to the screen or browser, an attacker would be able to execute malicious scripts. However, Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf. Thank you again for your input, we hope you found this information to be helpful. Lanoba Support support -at- lanoba.com
Powered by blists - more mailing lists