Bugtraq mailing list archives
Re: Drupal all versiyon xss cehennem.org
From: security () drupal org
Date: 3 Jan 2006 21:43:49 -0000
I have inspected the latest XSS filter mechanism of Drupal which is included in 4.5.6 and 4.6.4 versions and onward and both the decimal and the hexadecimal version is escaped when choosing the "Filtered HTML" format. The "Full HTML" format, as its name implies, does not filter HTML and its documented to be so. I am not aware of any contact attempts w/ the security team before mailing this report to the list. Regards Karoly Negyesi Security team coordinator
Current thread:
- Drupal all versiyon xss cehennem.org liz0 (Jan 03)
- Re: Drupal all versiyon xss cehennem.org RSnake (Jan 03)
- <Possible follow-ups>
- Re: Drupal all versiyon xss cehennem.org security (Jan 03)