Vulnerability Development mailing list archives

Re: Re: Sourceforge.net XSS

From: v9 () fakehalo us
Date: 13 Apr 2006 20:02:37 -0000

I understand the possibilities of XSS, however if you have to inject it as part of the URL line to have it display the 
injection i don't see how you are going to fool people, maybe encode it? otherwise it will be quite obvious, and it 
would have to be something small after being encoded.  another thing it isn't something people will "stroll" across and 
view.  I guess it still "counts" as a vulnerability. *shrug*

Current thread:

Sourceforge.net XSS the . spikey (Apr 09)
- <Possible follow-ups>
- Re: Sourceforge.net XSS v9 (Apr 12)
  - Re: Sourceforge.net XSS Daniel (Apr 12)
- Re: Re: Sourceforge.net XSS v9 (Apr 13)
  - Re: Sourceforge.net XSS ascii (Apr 13)
- Re: Sourceforge.net XSS Juan C Calderon (Apr 17)
  - Re: Sourceforge.net XSS v9 (Apr 17)
    - Re: Sourceforge.net XSS morgan allen (Apr 18)
    - Re: Sourceforge.net XSS Valdis . Kletnieks (Apr 18)
    - Re: Sourceforge.net XSS Juan C Calderon (Apr 18)