Comments on code16: XSS in DokuWiki
(Blogger comments feed, last updated 2024-02-28)

splitbrain, 2019-07-18 08:25 (-07:00):
That's not really an XSS. You set the title of the wiki through the admin interface (which requires superuser permissions). The wiki title field explicitly allows HTML at the discretion of the admin. So that's intended behavior.
Next time you think you found a vulnerability in OpenSource software, be nice and report it through their requested security channels.

code16, 2019-07-18 10:57 (-07:00):
@splitbrain: hi, thanks for watching :) 1st: according to CWE-79, I think it is an XSS bug; 2nd: I asked directly 'the Owner' of the 'Open Source software'. Guess what... ;) 3rd: thanks for watching, or I said that already...
*bonus: sure, ping->vendor->response->researcher(s) should 'be the way'.

cheers

splitbrain, 2019-07-18 10:59 (-07:00):
I *am* the "owner" of the software

code16, 2019-07-18 11:52 (-07:00):
That's gonna be interesting :) I see you changed the policy of your account at linkedin. Maybe check your priv msgs again and stop blaming me. Thanks. Bye.