[vox] may be a sad day for lugod.org
Brian E. Lavender
brian at brie.com
Thu May 3 03:16:11 PDT 2018
An XSS security vulnerability has been identified in lugod.org. I am
sure that it will need to be fixed, or.... fixed.
https://www.openbugbounty.org/reports/611569/
OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.230_-_Never_Insert_Untrusted_Data_Except_in_Allowed_Locations
Hopefully, someone has the energy to step in and remedy the situation.
Maybe the static site will come quicker than anticipated. I would hate
to see the old info from the current site just "go away". I guess the
internet time machine will capture it if not?
brian
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture