Full Disclosure mailing list archives
Fw: W3C HTML Validator XSS Hole
From: mattmurphy () kc rr com (Matthew Murphy)
Date: Sat, 14 Sep 2002 15:23:54 -0500
A vulnerability exists in the W3C HTML validator that allows for cross-site scripting. I haven't really studied the impacts of this much, but it could be used (in theory) to gain access to the member area data for the user (the member area uses Basic authentication): http://validator.w3.org/check?charset=%28detect+automatically%29&doctype=%28 detect+automatically%29&uri=http%3A%2F%2F%3CSCRIPT%3Ealert%28document.URL%29 %3C%2FSCRIPT%3E
Current thread:
- Fw: W3C HTML Validator XSS Hole Matthew Murphy (Sep 14)