[OSM-dev] XSS Vulnerabilities

Frederik Ramm frederik at remote.org
Mon Jan 14 22:58:00 GMT 2008


Hi,

> I notice that the message sending section of the openstreetmap.org
> site is vulnerable to type 2 XSS attacks.

Had to look this up on Wikipedia. What he means is that you can send a
message to someone else that contains a "<b>" and when that message is
displayed, the "<b>" is not escaped properly but leads to a bold type.

Bye
Frederik

-- 
Frederik Ramm  ##  eMail frederik at remote.org  ##  N49°00.09' E008°23.33'





More information about the dev mailing list