On Fri, Dec 16, 2011 at 21:42, Eric Hellman <e...@hellman.net> wrote: > > You'll be happy to know that as bad as things are, they've improved > considerably! I showed several ILS vendors how I could insert arbitrary > javascripts into their products. Some of them fixed their products in the > next update cycle, some took a couple of years. One particularly nasty > vulnerability I am unable to talk about, it was so nasty and close to home. > But the general problem persists. Perhaps an outing process would be useful. >
Leaks4Lib? +1 -Mike
