lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <000d01c25c2c$a5d4d360$e62d1c41@kc.rr.com> From: mattmurphy at kc.rr.com (Matthew Murphy) Subject: Fw: W3C HTML Validator XSS Hole A vulnerability exists in the W3C HTML validator that allows for cross-site scripting. I haven't really studied the impacts of this much, but it could be used (in theory) to gain access to the member area data for the user (the member area uses Basic authentication): http://validator.w3.org/check?charset=%28detect+automatically%29&doctype=%28 detect+automatically%29&uri=http%3A%2F%2F%3CSCRIPT%3Ealert%28document.URL%29 %3C%2FSCRIPT%3E