[Owasp-leaders] xss in Owasp.org

Ryan Barnett ryan.barnett at owasp.org
Mon Mar 25 15:38:13 UTC 2013


This is not an XSS vuln. This is how wiki works. It takes data from URI and uses it as the title for a new page. 

If, on the other hand, you can actually execute code then that is another issue. 

--
Ryan Barnett


On Mar 25, 2013, at 11:24 AM, Edgar Salazar <edgar.salazar at owasp.org> wrote:

> Good morning leaders, I hope you are well.
> 
> I have reported the following XSS owasp.org.
> 
> What actions can be taken?
> 
> That person manages OWASP wiki?
> 
> XSS --> http://t.co/4p4CQz1dAV
> 
> 
> Attached image.
> 
> Please validate this information.
> 
> Greetings all.
> 
> -- 
> 
> 
> 
> Edgar Salazar Tovar
> OWASP Venezuela Chapter Leader
> 
> Caracas, Venezuela
> +58 416 2810887
> 
> Skype: eddavid.salazar
> Twitter: @3ddavid
> edgar.salazar at owasp.org
> 
> <owasp.PNG>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130325/58e71d51/attachment.html>


More information about the OWASP-Leaders mailing list