[vox] may be a sad day for lugod.org

Brian E. Lavender brian at brie.com
Sat Jun 2 18:01:45 PDT 2018


I was probably overreacting.

On Thu, May 03, 2018 at 03:16:11AM -0700, Brian E. Lavender wrote:
> An XSS security vulnerability has been identified in lugod.org. I am
> sure that it will need to be fixed, or.... fixed. 
> 
> https://www.openbugbounty.org/reports/611569/
> 
> OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet
> https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.230_-_Never_Insert_Untrusted_Data_Except_in_Allowed_Locations
> 
> Hopefully, someone has the energy to step in and remedy the situation.
> Maybe the static site will come quicker than anticipated. I would hate
> to see the old info from the current site just "go away". I guess the
> internet time machine will capture it if not?
> 
> brian
> -- 
> Brian Lavender
> http://www.brie.com/brian/
> 
> "There are two ways of constructing a software design. One way is to
> make it so simple that there are obviously no deficiencies. And the other
> way is to make it so complicated that there are no obvious deficiencies."
> 
> Professor C. A. R. Hoare
> The 1980 Turing award lecture





-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture

