2 Oct
2010
4:56 p.m.
Hello,

While working on a better e-mail validation, I found some cross-site vulnerabilities in lib/accfuncs.inc. Here is the patch, which fixes this problem. I hope that I found all relevant parts, because I'm not so familiar with this site.

You can try it on your own by setting a user name or e-mail with a single quote, like:

"foo'><script>alert('XSS');</script>"

I will soon commit a patch for the e-mail validation using this website [1]. Most of it is working, except for a problem with the double quotes.

[1] http://www.linuxjournal.com/article/9585

greetings
Viktor
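
Why the single quote in the test value above matters, as an added example that is not part of the original post and is not code from lib/accfuncs.inc. It assumes the value is echoed back into a single-quoted HTML attribute; the form field and function names are hypothetical.

```php
<?php
// Constructed input: the test value quoted in the post above.
$name = "foo'><script>alert('XSS');</script>";

// Hypothetical form field, not taken from lib/accfuncs.inc.
function field_unescaped(string $value): string
{
    // Vulnerable: the raw value lands inside a single-quoted attribute,
    // so the first ' in it ends the attribute and the rest is parsed as markup.
    return "<input type='text' name='username' value='" . $value . "'>";
}

function field_compat(string $value): string
{
    // ENT_COMPAT escapes & < > and " but leaves ' untouched, so the
    // attribute still ends at the first single quote in the value.
    return "<input type='text' name='username' value='"
        . htmlspecialchars($value, ENT_COMPAT, 'UTF-8') . "'>";
}

function field_escaped(string $value): string
{
    // ENT_QUOTES also encodes ', so the whole value stays inside the
    // attribute whichever quote character delimits it.
    return "<input type='text' name='username' value='"
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "'>";
}

// Print the three renderings side by side for comparison.
$renderings = [
    'unescaped'  => field_unescaped($name),
    'ENT_COMPAT' => field_compat($name),
    'ENT_QUOTES' => field_escaped($name),
];

foreach ($renderings as $label => $html) {
    echo str_pad($label, 12), $html, PHP_EOL;
}
```

Run it with the PHP command-line interpreter and compare where the `value` attribute ends in each line of output.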