[VIM] oh how i love xerox
Steven M. Christey
coley at linus.mitre.org
Wed Feb 22 01:31:24 EST 2006
On Tue, 21 Feb 2006, security curmudgeon wrote:
> As usual, the advisory is vague and repetitive.. every few months, same
> thing with a new ID number =) This time, look at the wording regarding
> XSS. So is this something worse than XSS, or do they not quite get it?
>...
>
> - Cross-site scripting allowing contents of web pages to be modified in an
> unauthorized manner
Change "XSS" to "HTML injection" and it makes sense. Stick in a redirect
or set the text color to the same as the background color and it makes
sense.

Actually, recently I ran across some recent vendor forum for an
acknowledgement of an issue, where the initial discovery of the issue
happened when a customer was suffering from a redirect XSS attack.

Not that I personally like to use the terminological distinctions between
XSS and HTML injection and "script insertion" (?) when from a VDB
perspective, 75% of the time you don't know which variant it is in the
first place :)

- Steve