[pLog-svn] xss in 1.2.7
Jon Daley
plogworld at jon.limedaley.com
Sat May 3 09:33:01 EDT 2008
On Sat, 3 May 2008, Reto Hugi wrote:
>> http://www.securityfocus.com/archive/1/491550
>
> I noticed that too, just a minute ago. Looks like we've got the same
> Google Alert ;)
:)
> There are even more search fields around that have no filter. But for
> example admineditcommentsaction is filtering the searchTerms.
>
> Will you have time to fix it or shall I do it? (I'm away for today, but
> could do it tomorrow).
I think I probably shouldn't do lifetype stuff today, I have been
ignoring most of my other work. I think what we really need is an
exhaustive search through all parameters, rather than fixing them one at a
time when someone else finds them.