On Wed, Dec 15, 2010 at 5:49 PM, Peter Besenbruch <p...@lava.net> wrote:
> On Thu, 2010-12-16 at 02:26 +1100, dave b wrote:
> > I hate it when someone beats me to a bug report.
> > https://addons.mozilla.org/en-US/firefox/user/5578717/ (this example
> > will only work against Firefox).
> > The XSS occurs due to no filtering / escaping the display name attribute for a
> > user.
>
> Cute. Very cute.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/