[OSM-dev] XSS Vulnerabilities
Tom Hughes
tom at compton.nu
Tue Jan 15 00:16:21 GMT 2008
In message <478BDC25.9050704 at notthesame.co.uk>
Callum Noble <callum at notthesame.co.uk> wrote:
> I notice that the message sending section of the openstreetmap.org site
> is vulnerable to type 2 XSS attacks.
Well thank you for announcing that on a public mailing list. Do you
not think an email to webmaster might have been more sensible?
> I mentioned this on IRC and someone said that there were other places on
> the site that this issue could be found.
I can see I'm going to have to have words with whichever genius
recommended that...
Unfortunately now that this has been publically revealed I am going to
have to make an emergency fix that loses (temporarily at least) some
functionality.
Tom
--
Tom Hughes (tom at compton.nu)
http://www.compton.nu/
More information about the dev
mailing list