Full Disclosure mailing list archives

Fw: W3C HTML Validator XSS Hole


From: mattmurphy () kc rr com (Matthew Murphy)
Date: Sat, 14 Sep 2002 15:23:54 -0500

A vulnerability exists in the W3C HTML validator that allows for cross-site
scripting.  I haven't really studied the impacts of this much, but it could
be used (in theory) to gain access to the member area data for the user (the
member area uses Basic authentication):

http://validator.w3.org/check?charset=%28detect+automatically%29&doctype=%28detect+automatically%29&uri=http%3A%2F%2F%3CSCRIPT%3Ealert%28document.URL%29%3C%2FSCRIPT%3E
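
The following is an added example, not part of the original post and not the validator's own code: it decodes the `uri` parameter of the request above and shows the two server-side checks that stop the markup from reaching the page, validating the target and HTML-encoding it on output. The function names and the "Could not retrieve" message are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# The request from the post, joined onto one line.
REPORTED = ("http://validator.w3.org/check?charset=%28detect+automatically%29"
            "&doctype=%28detect+automatically%29"
            "&uri=http%3A%2F%2F%3CSCRIPT%3Ealert%28document.URL%29%3C%2FSCRIPT%3E")

# A hostname is dot-separated labels of letters, digits and hyphens,
# so a value that passes this pattern cannot carry markup characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def uri_param(request_url):
    """Return the percent-decoded 'uri' query parameter ('' if absent)."""
    return parse_qs(urlsplit(request_url).query).get("uri", [""])[0]


def is_acceptable_target(uri):
    """Accept only absolute http(s) URLs whose host is a plain hostname."""
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:
        return False
    return (parts.scheme in ("http", "https")
            and host is not None
            and len(host) <= 253
            and _HOST.fullmatch(host) is not None)


def render_unsafe(uri):
    """Hypothetical result-page fragment that echoes the value verbatim."""
    return "<p>Could not retrieve " + uri + "</p>"


def render_safe(uri):
    """Same fragment with the value HTML-encoded before it is echoed."""
    return "<p>Could not retrieve " + html.escape(uri, quote=True) + "</p>"


if __name__ == "__main__":
    value = uri_param(REPORTED)
    print("decoded uri  :", value)
    print("acceptable   :", is_acceptable_target(value))
    print("unsafe output:", render_unsafe(value))
    print("safe output  :", render_safe(value))
```

Validation alone is not sufficient, since a well-formed URL can still contain characters that are significant in HTML; the encoding step is what makes the echoed value inert.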


