Full Disclosure mailing list archives
Re: To XSS or not?
From: Javor Ninov <drfrancky () securax org>
Date: Tue, 25 Jul 2006 04:42:59 +0300
how we will measure which one is major and which not ? major for you is minor for me and vice versa. if we agree that XSS are vulns (i personally agree) then they deserve to be reported. Just look at the subject of the message that report a XSS and choose to read it or to not read it. XSS are based on bad code practices .. some day the programmers will learn to not make such mistakes if we point them. if we ignore them .... well security is not based on ignorance. Aaron Gray wrote:
Major ones could still be reported on the other lists. Aaronsomething like xsstraq powered on securityfocus should be cleaner yep :)Maybe there should be a special XSS list that could specialize in that area ?_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Javor Ninov aka DrFrancky drfrancky shift+2 securax.org
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- To XSS or not? Gadi Evron (Jul 23)
- Re: To XSS or not? Aaron Gray (Jul 23)
- Re: To XSS or not? ad () heapoverflow com (Jul 23)
- Re: To XSS or not? Aaron Gray (Jul 23)
- Re: To XSS or not? Valery Marchuk (Jul 23)
- Re: To XSS or not? Javor Ninov (Jul 24)
- Re: To XSS or not? Aaron Gray (Jul 24)
- Re: To XSS or not? Michael Simpson (Jul 25)
- Re: To XSS or not? ad () heapoverflow com (Jul 23)
- Re: To XSS or not? Aaron Gray (Jul 23)