[VIM] oh how i love xerox

Steven M. Christey coley at linus.mitre.org
Wed Feb 22 01:31:24 EST 2006

On Tue, 21 Feb 2006, security curmudgeon wrote:

> As usual, the advisory is vague and repetitive.. every few months, same
> thing with a new ID number =)  This time, look at the wording regarding
> XSS. So is this something worse than XSS, or do they not quite get it?
> - Cross-site scripting allowing contents of web pages to be modified in an
> unauthorized manner

Change "XSS" to "HTML injection" and it makes sense.  Stick in a redirect
or set the text color to the same as the background color and it makes

Actually, recently I ran across some recent vendor forum for an
acknowledgement of an issue, where the initial discovery of the issue
happened when a customer was suffering from a redirect XSS attack.

Not that I personally like to use the terminological distinctions between
XSS and HTML injection and "script insertion" (?) when from a VDB
perspective, 75% of the time you don't know which variant it is in the
first place :)

- Steve

More information about the VIM mailing list